• Phishing emails and text messages may look like they're from a company you know or trust. Logos, graphics, and catchphrases can make a message appear to be from a bank, credit card company, social networking site, or another business you use or are familiar with.
• These scams may tell a story to trick you into taking action by clicking on a link or opening an attachment. 
  • These messages may include urgent warnings about your accounts, such as:
    • your account will expire soon
    • your account is on hold
    • you need to reset your password
    • reports of a suspicious activity or log-in attempts 
  • Other motives may ask you to collect a prize or correct a problem:
    • provide a fake invoice or document that requires attention
    • request that you register for a refund
    • ask you to update your payment detail
  • Other warning signs include:
    • The email doesn't specify your name. "Dear Customer" isn't an identifier. If you receive an email that starts like this, there is a very high chance that this is a phishing email.
    • Sometimes, the emails also mention your name using high-level software for targeting you. 
    • The email asks you to confirm personal information. Do not reply or click any links and if you think there is a possibility that the email is genuine, you should search online and contact the organization directly and do not use any communication method provided in the email.
    • Threats that your account will be closed, they say they have proof that you are involved in certain criminal activities or that you owe the IRS money. Whenever you see urgent demands like this, always look online to find the official website or numbers, then contact them to verify the situation. Do not click on the links or call the numbers they provided.
    • If you receive an unexpected email about a lost package, security warning, or billing change, do not click the link. Simply visit the online store or service the way you normally would. If there is really an issue, you will see a notification there.

Protect Yourself from Phishing Attacks

1. Protect your computer by using security software. You should set up automatic software updates so that your computer remains protected.
2. Protect your mobile phone by setting software to update automatically. These updates provide critical protection against security threats.
3. Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to your account, known as multi-factor authentication, such as Duo Multi-factor Authentication, which Rice University uses for many of our services. Multi-factor makes it difficult for scammers to log in to your accounts even if they find out your username and password.
4. Protect your data by backing it up. Back up your computer and phone data to secure storage.
5. Do not click on any links and do not open any attachments contained in a suspicious email. Do not enter personal information on a pop-up screen. Legitimate companies, agencies, and organizations never ask for personal information via pop-up screens.
6. Never share passwords, personal information, or financial information over email. You should only provide private information such as credit card numbers or account information using a secure website or telephone. Email is not a secure way to send sensitive information.

If You Suspect a Phishing Attack