“We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”
Have you received an email containing a line similar to the one above? If so, you may have been the target of a phishing attempt. Phishing is a form of theft that aims to steal your private data, such as credit card information, username and password, or bank account information.
A phishing attack is usually sent by email and contains a malicious link or attachment which appears to lead to a legitimate website. The website will either ask you to input your private information such as username and password, or will install malicious software without your consent.
HOW TO SPOT PHISHING
Phishing attacks can take many forms. Below are examples of some of the tactics used during a phishing attack:
- Urgent request. A common tactic is to threaten the recipient with account closure if they do not perform the requested action. For example, the phish will threaten to close your bank account if you do not log in and update your information.
- Requesting private information. A phish will generally ask you to insert your username and password or other sensitive information such as your credit card number.
- Spelling mistakes and poor grammar. Communications from professional sources will usually go through an editing review before being published. If you spot more than one spelling mistake, be wary.
- Links. The message will ask you to go to a website which appears legitimate. Before clicking, hover over the link to check where it actually leads.
HOW TO DEAL WITH PHISHING
- Use common sense. Do not share your private information without double-checking the source. IT will never ask for your password by email, nor will your bank.
- Do not click on a link in an email. Simply copy and paste the link into your browser so that you are not redirected to the wrong address.
- Do not share your private information if you suspect a phish.
- Report the phish. Send an email to IT Helpdesk or call 808-0900 to report a phish in order to protect your fellow KAUST community members from falling into a phishing scam.