Phishing is a method of obtaining sensitive information, such as usernames and passwords, Social Security numbers, and banking information, for malicious reasons by disguising an electronic communication as coming from a trustworthy person or organization. The malicious person “fishes” for a victim to perform an action by “baiting” the victim with what appears like a legitimate and trustworthy email or instant message. The victim often is directed to enter their information into a fake website that looks identical to a legitimate one. Communications purporting to be from social media websites, auction sites, banks, online payment processors, or information technology administrators are often used to lure victims. Phishing emails may contain links to websites that are infected with malware.
The best way to protect yourself, your family, and the University is to make sure everyone is aware of what phishing attempts look like. Generally, phishing attempts implement social engineering and fear tactics to get you to become a victim. Also, if the offer seems too good to be true, it probably is. You always should thoroughly examine any email asking for confidential information, especially of a financial nature. Many phishing scams have obvious signs of fraud such as poor spelling or grammar. And, lastly, if you are unsure about a message, try calling the sender or visiting its website without clicking on links or attachments in the message by searching for it online or typing its website directly into your browser. Never reply to the phishing attempt, as you would be confirming to the criminal that your email address is valid and you are reading your messages.
If you think an email or instant message on your work computer is a phishing attempt, you should notify Campus Security and Compliance at email@example.com and/or your school/departmental IT staff. You may not be the only one to receive the phishing attempt, and sharing with others may stop them from falling victim. Also, you can forward suspected spam emails to DL-CITSReportSpam@umaryland.edu.
If you have become a victim and disclosed your username or password, immediately contact Campus Security and Compliance at firstname.lastname@example.org so that we can disable your account to prevent unauthorized account access. Acting quickly could stop the criminals before they have a chance to hijack your account.