Topics Map > •Security & Safe Computing > •Security Awareness & Education

ISO: Recognize, Report and Avoid Phishing Scams

Tips for avoiding scams via email or text messages, which try to trick you into revealing account or personal information.

    

Recognize Phishing Scams

Phishing is when malicious individuals use email or text messages to collect your personal information. These scammers attempt to steal passwords, account numbers, social security numbers, and personal data in order to gain access to your email, bank, or other accounts including your Rice accounts. The term phishing is a spin on the word fishing because criminals are dangling a fake lure (the email or website that looks legitimate) hoping readers will bite by providing the information the criminals have requested.
Be wary of these scams in both your personal and work communications, including phone calls. Thousands of phishing attacks are launched daily. Scammers update their tactics often but here's a few general ploys:
  • Phishing emails and text messages may look like they're from a company you know or trust. Logos, graphics, and catchphrases can make a message appear to be from a bank, credit card company, social networking site, or another business you use or are familiar with.
  • These scams may tell a story to trick you into taking action by clicking on a link or opening an attachment. 
    • These messages may include urgent warnings about your accounts, such as:
      • your account will expire soon
      • your account is on hold
      • you need to reset your password
      • reports of a suspicious activity or log-in attempts 
    • Other motives may ask you to collect a prize or correct a problem:
      • provide a fake invoice or document that requires attention
      • request that you register for a refund
      • ask you to update your payment detail
    • Other warning signs include:
      • The email doesn't specify your name. "Dear Customer" isn't an identifier. If you receive an email that starts like this, there is a very high chance that this is a phishing email.
      • Sometimes, the emails also mention your name using high-level software for targeting you. 
      • The email asks you to confirm personal information. Do not reply or click any links and if you think there is a possibility that the email is genuine, you should search online and contact the organization directly and do not use any communication method provided in the email.
      • Threats that your account will be closed, they say they have proof that you are involved in certain criminal activities or that you owe the IRS money. Whenever you see urgent demands like this, always look online to find the official website or numbers, then contact them to verify the situation. Do not click on the links or call the numbers they provided.
      • If you receive an unexpected email about a lost package, security warning, or billing change, do not click the link. Simply visit the online store or service the way you normally would. If there is really an issue, you will see a notification there.

Protect Yourself from Phishing Attacks

  1. Protect your computer by using security software. You should set up automatic software updates so that your computer remains protected.
  2. Protect your mobile phone by setting software to update automatically. These updates provide critical protection against security threats.
  3. Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to your account, known as multi-factor authentication, such as Duo Multi-factor Authentication, which Rice University uses for many of our services. Multi-factor makes it difficult for scammers to log in to your accounts even if they find out your username and password.
  4. Protect your data by backing up. Back up your computer and phone data to a secure storage.
  5. Do not click on any links and do not open any attachments contained in a suspicious email. Do not enter personal information on a pop-up screen. Legitimate companies, agencies, and organizations never ask for personal information via pop-up screens.
  6. Never share passwords, personal information, or financial information over email. You should only provide private information such as credit card numbers or account information using a secure website or telephone. Email is not a secure way to send sensitive information.

If You Suspect a Phishing Attack

If you are suspicious that an email is a scam but want some guidance BEFORE YOU REPLY OR CLICK on LINKS, contact the OIT Help Desk. Consultants can offer assistance.
If you are sure you received a phishing email, report it. This information can help fight against scammers.
  1. If you receive a phishing or suspicious email, send the original message to the OIT Help Desk: helpdesk@rice.edu 
  2. Some of the latest phishing campaigns at Rice are posted: https://iso.rice.edu/phish-bowl
For more information, refer to Information Security Office.

See Also:




Keywords:spam phishing email mail messages scams steal bank accounts identity personal information fish scam   Doc ID:93449
Owner:Kim W.Group:Rice University
Created:2019-07-30 19:38 CDTUpdated:2022-05-12 10:49 CDT
Sites:Rice University
Feedback:  0   0