What is Phishing?
Phishing is a technique used by criminals to steal personal or financial information such as your passwords, date of birth, credit card details, etc. Identity thieves try to lure you into giving up personal or financial information by making what looks like a legitimate request from an organisation you trust. These might look like they are from a bank, credit card company, or even UCD. Unfortunately, phishing scams can be highly effective and numerous students and staff have been tricked.
Please remember IT services will never ask you for your password.
Take UCD's Phishing Challenge today
Take UCD's interactive Phishing Challenge today to see real examples of phishing emails, spot fake URL's and find out how to avoid being scammed. It only takes 5 minutes and can save you hours of stress.
How to Spot a Phish
The following are a few ways to identify various types of social engineering attacks and their telltale signs.
- Use the Gmail web client and Gmail mobile app instead of email clients such as Outlook, native iPhone clients, etc. Gmail includes University specific warning messages when it detects that a staff email account is being impersonated or spoofed, such as
Look for the signs. Does the email contain a generic greeting, is it urgent or threatening, has poor spelling or grammatical errors, making an offer that seems too good to be true? Then you should be suspicious!
- Always verify web links and never open unexpected attachments. Get into the habit of typing URLs into your browser. Don’t open attachments unless you’re expecting a file from someone. Give them a call to verify if you’re suspicious.
Call to verify. Let’s say you receive an email claiming to be from someone you know, a friend, colleague, or even the President of the university. Cybercriminals often spoof real addresses to convince you, then request that you perform an action such as transfer funds or provide sensitive information. If something seems off about the email, call them on a trusted number to confirm the request. Dont trust the contact details in the email as they may also be fake.
Check the reply email address. Phishing emails often impersonate staff details such as names, include photos, company logos, phone numbers, etc. A sender’s email address can be easily faked and can be completely different to the reply email address, so always check the reply address before sending.
Never share your password. Your password is the key to your identity, your data, and your classmates’ and colleagues’ data. It is for your eyes only. IT Services IT helpdesk will never ask you for your password.
- Phishing isn’t relegated to just email! Cybercriminals will also launch phishing attacks through phone calls, text messages, or other online messaging applications. Don’t know the sender or caller? Seems too good to be true? Then it is probably a phishing attack
- Trust your instincts. If you think it is suspicious then it probably is!
What to do if you receive a Phishing email?
- Open the email in UCD Gmail
- Report the email as phishing in Gmail
- Inform your colleagues
- If you need more help?
- Contact the IT Helpdesk and include the following details
- A screenshot or copy of the email. (The email may now be in your Spam folder)
- The reason why the email is suspicious
- The header information for the suspicious email