What is Phishing?
Phishing is a technique used by criminals to steal personal or financial information such as your passwords, date of birth, credit card details, etc. Like a fisherman using a lure to hook a fish, identity thieves try to lure you into giving up personal or financial information by making what looks like a legitimate request from an organization you trust. These might look like they are from a bank, credit card company, or even UCD. Unfortunately, phishing scams can be highly effective and numerous students and staff have been tricked. Please remember IT services will never ask you for your password.
Take UCD's Phishing Challenge today
Take UCD's interactive Phishing Challenge today to see real examples of phishing emails, spot fake URL's and find out how to avoid being scammed. It only takes 5 minutes and can save you hours of stress.
How to Spot a Phish
According to IBM’s 2014 Cyber Security Intelligence Index, human error is a factor in 95 percent of security incidents. The following are a few ways to identify various types of social engineering attacks and their telltale signs.
Phishing isn’t relegated to just e-mail! Cybercriminals will also launch phishing attacks through phone calls, text messages, or other online messaging applications. Don’t know the sender or caller? Seems too good to be true? Then it is probably a phishing attack.
Know the signs. Does the e-mail contain a vague salutation, spelling or grammatical errors, an urgent request, and/or an offer that seems impossibly good? Then delete it or mark it as spam.
When you’re suspicious, call to verify. Let’s say you receive an e-mail claiming to be from someone you know — a friend, colleague, or even the president of the university. Cybercriminals often spoof real addresses to convince you, then request that you perform an action such as transfer funds or provide sensitive information. If something seems off about the e-mail, call them at a known number listed in the staff directory to confirm the request.
Don’t be duped by aesthetics. Phishing e-mails often contain convincing logos, links to actual company websites, legitimate phone numbers, and e-mail signatures of actual employees. However, if the message is urging you to take action — especially action such as sending sensitive information, clicking on a link, or downloading an attachment — exercise caution and look for other tell-tale signs of phishing attacks. Don’t hesitate to contact the company directly; they can verify legitimacy and may not even be aware that their name is being used for fraud.
Never share your password. Your password is the key to your identity, your data, and your classmates’ and colleagues’ data. It is for your eyes only. UCD's help desks will never ask you for your password.
Always verify web links and never open attachments you were not expecting. Get into the habit of typing known URLs into your browser. Don’t open attachments unless you’re expecting a file from someone. Give them a call if you’re suspicious.
Verify the sender. Check that the reply address is correct before replying to a suspicous email.
Stranger Danger! Receive a call from someone you don’t know? Are they asking you to provide information or making odd requests? Hang up the phone and report it to Telephone Services.
Don’t be tempted by abandoned USB drives. Cybercriminals may leave USB drives lying around for victims to pick up and insert, thereby unknowingly installing malware on their computers. You might be tempted to insert a USB drive only to find out the rightful owner, but be wary — it could be a trap.
- Remember, if you think it is suspicious it probably is!
What to do if you think you have been scammed
- Delete it. If you receive a phishing email then just delete it or mark it as spam.
- I have been scammed. Don't worry, it happens to lots of people! Firstly, change your UCD Connect password immediately and then contact the IT Helpdesk. Review our compromised account guide for more details.
- Just hang up. If you get a nuisance or suspicious call then JUST HANG UP. For more advice visit UCD Estates telephone scam guide.