Phishing is a technique used by criminals to send fake emails claiming to represent legitimate businesses, University departments, and even your close friends. Attackers will commonly use seemingly everyday notifications such as false bank statements, password change requests, and other forms of solicitation to obtain personal information. Criminals have moved beyond emails to solicit information. Phishing, Smishing, and Vishing are all forms of fraudulent attacks to get you to give up information.
How to Spot a Phish
Tips to Catch a Phish:
- Phishing messages often have a sense of urgency or threat to them.
- The sender of a phishing email is not legitimate.
- Links in emails direct users to invalid URLs. Hover over the URL without clicking in order to see where a link may take you.
- Grammar and spelling mistakes are prolific in phishing emails.
- Phishing emails usually have a generic, rather than personal, greeting.
UIS will never ask for your password. Verify legitimate UIS emails here.
Check out samples of current, known, phishing attacks at the University at our phishing examples page.
Be wary of emails demanding that you log in or update your account/profile, and always confirm that you are at a legitimate site before logging in or submitting personal information.
What to do if you get a suspicious email:
1. Do not click on the links or attachments in the email. Check the validity of the email if you can, by checking with the sender by some method other than reply email
2. If you are unsure of the email, forward the email with the headers to CIRT@georgetown.edu
3. If you are sure the email is a phish, go to the original email; refer to the top right portion of the email box; click on the “more” option to the right of the “reply arrow,” and choose “report phishing.”
Clicked on a link that may be fraudulent? Reset your password from another computer immediately and review your gmail settings. If you need additional help, contact the GU UIS Service Center at firstname.lastname@example.org or (202) 687-4949.
Need to forward email headers?
Include the email headers by going back to the original email, clicking on the three vertical dots, and selecting “show original” in the drop down list. A new window or tab should open up. Copy the entire content of the window into an email to send. Send headers to the Cyber Incident Response Team CIRT@georgetown.edu