What is Phishing?
Phishing is a fraudulent attempt by cybercriminals to obtain information such as your Radford University credentials and passwords, personally identifiable information, banking, or credit card details. The attempts are usually via email or other forms of electronic communication. Below are some tips you can use to protect yourself and your information:
- Always look at the sender's email address, not just the sender's name. It's easy to spoof the name, and harder (though not impossible) to spoof the email address. For this exercise, the email came from email@example.com, not firstname.lastname@example.org.
- If an email ends up in your junk mail folder, it is likely spam or it is spoofed to look like someone else sent it. Again, check the sender email address carefully.
- Does the email generate a sense of urgency? Cybercriminals use this tactic to rush you past your better judgment into taking action, and it is a tell-tale sign of a phishing email.
- Did the email require you to enter a password? Radford University’s Division of Information Technology (DoIT) will NEVER ask for your password, and neither will email from legitimate banks or other sites.
- If you are logging into a Radford University website, always verify that the URL you are logging into is https://sso.radford.edu. That is our only Single Sign On (SSO) website. The URL is visible in the address bar of your browser.
- If an email seems suspicious, feel free to forward the email to email@example.com and request IT Security take a look at it for you.
Common Phishing Themes
- Cybercriminals regularly pretend to be department chairs, deans and directors, and send email asking faculty and staff if they are available and if they can do the sender a favor.
  - Responding to the email engages the cybercriminal and will likely result in a request for gift card numbers (so that they can give them as gifts).
  - NEVER purchase and send gift card numbers via email without first verifying that this is a legitimate request from a trusted colleague, friend or family member. Use another form of communication to verify – call them, stop by the Dean’s office and ask if the request was legitimate, text your friend to verify. If you purchase the gift cards and email the numbers to the cybercriminal, you could potentially lose that money. Not all vendors will reimburse the purchase.
  - If you've fallen victim to a gift card scam, please contact firstname.lastname@example.org immediately.
- Cybercriminals will send a threatening email indicating they've been spying on you, have your information and are demanding a ransom. They may even include an old password of yours to create a sense of fear and urgency. Old passwords are usually discovered when other sites are compromised and the password file is published online.
  - NEVER use your Radford University account password on other sites, such as banking or social media. Maintaining a unique password for each account, enabling two-factor authentication where possible, and using strong passwords and passphrases help protect you.
  - If you feel that you’ve been compromised, report these emails to email@example.com.
- Cybercriminals may share a file with you, such as a class schedule or payroll information. When you click on the email link, you'll go to a fraudulent but look-alike Microsoft Office365 webpage.
  - Always check the URL in the email before clicking on a link. Hover over the link to verify where it goes. If it's not *.office.com, it's not really Microsoft Office365.
  - Report emails such as these to firstname.lastname@example.org so that IT Security can block malicious websites such as those.
- Cybercriminals may send email informing you that the DoIT Help Desk is going to disable your account or email unless you click the link and log in to cancel the deactivation.
  - This email generates a sense of urgency to trick you into providing your credentials.
  - If you are in doubt, call the DoIT Help Desk at 540-831-7500 to verify.
  - Report emails such as these to email@example.com so that IT Security can block malicious websites.
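
The URL checks in the tips above (https://sso.radford.edu as the only SSO site, and *.office.com for Office365 links) can also be run automatically over an email's HTML body. The following is an added example, not part of the original page or any Radford University tool; the function names and the `.example` hosts in the sample are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hosts taken from the page: the only SSO site, and the *.office.com rule.
EXACT_HOSTS = {"sso.radford.edu"}
DOT_SUFFIXES = (".office.com",)  # leading dot: "notoffice.com" must not match

def host_is_expected(url):
    """True only for https URLs whose real host is on the page's list."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed URL: treat as not expected
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    return parts.scheme == "https" and (host in EXACT_HOSTS or host.endswith(DOT_SUFFIXES))

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            self._href, self._text = dict(attrs)["href"], []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html_body):
    """Return (href, shown text) for links that do not go to an expected host."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [(href, text) for href, text in collector.links if not host_is_expected(href)]

# Constructed sample body; the .example hosts are placeholders, not real sites.
SAMPLE = """
<a href="https://sso.radford.edu/login">Sign in</a>
<a href="https://outlook.office.com/mail">Open mailbox</a>
<a href="https://office.com.files.example/view">https://www.office.com/view</a>
<a href="https://sso.radford.edu@login.example/">https://sso.radford.edu</a>
"""

if __name__ == "__main__":
    for href, text in suspicious_links(SAMPLE):
        print(f"CHECK BEFORE CLICKING: shown as {text!r}, goes to {href}")
```

The check compares the parsed hostname rather than searching the URL for a familiar name, so the last two sample links are flagged even though the text shown to the reader looks legitimate.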