Information Security Office

Phishing


Phishing scams are designed to gather information and normally arrive via email. They may appear to be legitimate such as from a bank, eBay, Paypal, university or Internet service provider. They are deliberately designed to get someone to act without thinking, which is known as social engineering. This non-technical method unfortunately works and the reaction is to "take the bait."

Right To the Point

Do not respond or click on the included URL's.

If the email raises suspicions existing accounts or affiliations, use YOUR OWN DOCUMENTATION for contact information. Do not use phone numbers included in the email because these may be fraudulent!

Look at the following for warning signs and be skeptical when receiving unexpected email with these signs:

Email "claiming" to be from BGSU: Information Technology Services does NOT request sensitive account information via email. Contact the Technical Support Center at 372-0999 for questions regarding email or other accounts.

Urgency: These contain language designed to get you upset and react quickly. An example is "You must click below or your account will be cancelled immediately!" If it appears to be from a familiar business or affiliation, use your own documentation and initiate contact to see if there is a problem with your existing account.

Misspellings, poor grammar & punctuation errors: These are classic signs of a fake and look for other obvious problems. Don't be fooled by the graphics and mistakes may be there also.

Non-specific greetings: These may be generic such as "Dear eBay Member" or "University Student." Sometimes there is no greeting at all which is suspicious.

Request for Personal Information: Legitimate do not (or should not) ever initiate contact for personal information. Do not click on links or provide requested information via email such as account user names, birthday, Social Security number or date of birth.

URL's that don't match: WITHOUT clicking, hold mouse over included URL links and look for discrepancies of printed links.

If it sounds too good to be true, it probably is: Often email users will respond to phishing email after raised suspicions of easy money or claims of winning a lucrative contest (that you have not entered.) It pays to be skeptical.

Ignore Bogus Claims of Security and Privacy: Sometimes language such as "Your Security and Privacy are important to us.." to ignore some of the previous warning signs. Use caution.

To learn more about phishing and avoid ways to get "hooked.":

Email Phishing Information
Phishing Resources