Phishing is a form of social engineering that uses email or malicious websites to solicit personal information or to get you to download malicious software by posing as a trustworthy entity.
Types of Phishing
• Spearphishing: Phishing targeted at an individual by including key information about them
• Whaling: Phishing targeted at a high-profile individual to steal sensitive and high-value information
• Vishing: Phishing via voice communication to entice the victim to engage in conversation and build trust
• Smishing: Phishing via text messages to get the victim to click on a link, download files and applications, or begin a conversation
Simple Tips
• When in doubt, report it out: If it looks suspicious, it’s best to mark it as “junk” and forward it to your IT staff.
• Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personally identifiable information (PII).
• Be wary of hyperlinks: Avoid clicking on hyperlinks in emails. Hover your cursor over links in the body of the email; if the address that appears when hovering does not match the link text, the link may be spoofed.
Signs of Phishing
• Suspicious sender’s address that may imitate a legitimate business
• Generic greetings and signature and a lack of contact information in the signature block
• Spoofed hyperlinks and websites that do not match the text when hovering over them
• Misspelling, poor grammar or sentence structure, and inconsistent formatting
• Suspicious attachments or requests to download and open an attachment