Phishing, Smishing, and Vishing..Oh My! | University Information Security Office

pumpkin head scarecrow with fish caught on a hook — Don’t get hooked!

Don’t Get Hooked..

Cyber criminals target individuals with more than emails now. Sophisticated attacks can take the form of emails, texts, and phone calls. Get familiar with these terms:

Phishing: fraudulent e-mails and websites meant to steal data
Vishing: fraudulent phone calls that induce you to reveal personal information.
Smishing: fraudulent text messages meant to trick you into revealing data

How to Spot a Fraud

Sometimes it can be very hard to distinguish a phish, vish, or smish from a legitimate message. Be suspicious of any messages that have some of these characteristics:

Unexpected: these will come from unknown senders with unexpected offers, information, or demands that seem out of place

Disguised: hover over email link to see if they seem irregular or point you to a different site than what you’re expecting

Seeking personal Information: be suspicious of unexpected or unknown sources demanding personal information, passwords or payments

Urgency: be suspicious of messages that create a sense of urgency or fear
Incorrect: fraudulent messages will often contain spelling, grammar and language errors because they may originate from bad actors abroad

UIS malware filters detect and block over 13,000 phishing messages per month

What to Do:

If you get phished, be a cyber champion and let your mail provider know so they can enable blocks at the mail server so others don’t also receive it.

In your Georgetown mail, follow the steps to send the message headers (the bit with all the clues in it) to the cyber incident response team CIRT@georgetown.edu.

Report a GU Phish to UIS

Learn how to report phishes in your personal mail and social media accounts:
- GMail – reporting spam and phish
- Outlook – reporting spam and phish
- Social Media and other providers – recognizing and reporting phish

If you get vishing and smishing messages, the absolute best course of action is to IGNORE them. Never respond or interact with the senders or callers.

A legitimate company will always contact you through an official channel from an official and verifiable phone number. And you should ONLY call a number that you have looked up yourself. The “call back” numbers or websites in text messages are always going to lead back to a scammer.

What you need to know: Fraudsters are trying to reach you through any means available. Be vigilant when responding to any unsolicited emails, phone calls, and text messages. A TRICKSTER may be on the other end!