What is Phishing?
Phishing is a type of cyberattack where attackers attempt to deceive their victims into giving personal information or performing actions they wouldn’t otherwise perform. These scams can lead to things like malware being installed, personal information being stolen, and/or login information being obtained. There are many types of phishing, including:
- Email Phishing: Sending fake or malicious emails
- Phone Phishing (Vishing): Phishing over a phone call/voicemail
- SMS Phishing (Smishing): Phishing over text
- Spear Phishing: Phishing attacks targeted towards a specific person/group
What are the signs of phishing?
There are many indicators that hint towards an email, text, or phone call being a scam. Although some of these apply specifically to emails, many of these apply across the various types of phishing. These factors include:
- The sender’s email address doesn’t match their name and/or attempts to impersonate a reputable brand/organization
- Spelling/grammar mistakes
- Generic/broad greetings (for example, saying “Greetings PayPal Customer”)
- Unusual branding, such as blurry or incorrect logos
- Fake website links/URLs. Be sure to hover your mouse over any links to check where they go and that they match the context of the email.
- Invoking strong emotions such as urgency or fear
- “Too good to be true” deals or promotions
- The context of the email is unusual/insecure (for example, being asked to send your password over email)
What should you do in the event of a phish?
If you encounter a phishing email, or an email you suspect is a phishing email, it is important not to engage with the contents of the email in any way. Instead, please use the Report Phish button found in your Regent-provided email. The icon will look like this:
In the event that you may have clicked on a phish, please let security know immediately at [email protected] so we can investigate further and assist you as quickly as possible.
What are some examples of phishing that I might see?
Example 1: You receive the following text message:
Upon further inspection, you determine this is an SMS Phish (smish) attempt based on the following characteristics:
- The phone number is unusual based on the supposed sender of the message.
- The broad introduction of “Regent University student”.
- Spelling mistakes in the words “Chancellor” and “tuition”.
- Using the idea of tuition refunds to persuade you to call the attacker.
- Regent University and its Chancellor would not text you individually.
In this example, you should NOT text or call the phone number. You should block the phone number and report it as malicious if possible.
Example 2: You receive a phone call from 403-182-7203. On the other end of the line is someone claiming to be an IT Help Desk employee at Regent University. The employee notifies you that your account will expire soon and asks that you provide them with your password so they can change it for you.
In this example, you should not engage with them further and hang up the phone. The phone number is not associated with Regent University. Employees at Regent University will never ask you for passwords or Multi-Factor Authentication (MFA) codes over the phone. If you want to double check your account, you should find the phone number for the IT Help Desk on Regent’s website and use that phone number to reach us.
Example 3: You receive the following email:
After taking a closer look, you determine that this is also a phish. The indicators include:
- The generic greeting of “PAYPAL CUSTOMER”
- The unusual branding (the enlarged PayPal logo). This may indicate brand impersonation
- The email address being “paypall” instead of PayPal
- Using the fear of your PayPal account getting deleted to get you to click on a malicious link
- The URL is impersonating PayPal (c0m instead of com, an uppercase I instead of a lowercase L).
In this example, you should stop, report the email as suspicious using the Report Phish button, and ignore or delete the email. If you have an actual PayPal account, make sure you use the actual PayPal URL instead of the link provided by the email to do a check of your account.
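The link and sender-address indicators from Example 3 (c0m for com, an uppercase I for a lowercase L, "paypall" for PayPal) can also be checked mechanically. The Python sketch below is an added example, not part of the original page; the trusted-domain list, the small look-alike table, and the sample URLs and address are constructed assumptions.

```python
from urllib.parse import urlsplit

# Look-alike characters mapped to the letter they imitate (a small constructed
# set covering the swaps named above; real confusable tables are far larger).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "I": "l", "5": "s"})

TRUSTED = {"paypal.com"}  # assumption: domains the reader actually does business with


def raw_host(value):
    """Return the host exactly as written (case kept) from a URL or email address."""
    if "://" in value:
        value = urlsplit(value).netloc      # .hostname would lowercase and hide "I"
    return value.rsplit("@", 1)[-1].split(":")[0].rstrip(".")


def skeleton(host):
    """Fold look-alike characters, lowercase, and collapse repeated letters."""
    folded = host.translate(CONFUSABLES).lower()
    kept = [ch for i, ch in enumerate(folded) if i == 0 or ch != folded[i - 1]]
    return "".join(kept)


def classify(value, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unknown' for a link or sender address."""
    host = raw_host(value)
    lowered = host.lower()
    for domain in trusted:
        if lowered == domain or lowered.endswith("." + domain):
            return "trusted"
    # Compare only the last two labels (assumption: two-label registrable domains).
    tail = ".".join(host.split(".")[-2:])
    if skeleton(tail) in {skeleton(d) for d in trusted}:
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed samples, not taken from the email in Example 3.
    for sample in ("https://www.paypal.com/signin",
                   "https://www.paypaI.c0m/signin",
                   "service@paypall.com",
                   "https://example.org/"):
        print(f"{classify(sample):9}  {sample}")
```

A "lookalike" result means the host only matches a trusted domain after look-alike characters are folded, which is the pattern to report; "unknown" is not a verdict of safety.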
Where can I find more information about phishing?
For more information about phishing, Norton has a helpful article showing visual examples and breaking down how each email is a scam. Google also has an interactive quiz that you can complete to interact with and learn more about phishing.