School’s in Session: A Guide to Avoiding Phishing Scams This Academic Year

The start of another exciting school year brings a flurry of essential communications to keep us in the loop. However, it's important to stay vigilant against potential phishing attacks that may be lurking in our inboxes.

Phishing occurs when a cyber attacker employs email or messaging services to deceive you into taking actions like clicking on links, sharing sensitive information, or opening infected attachments. Falling victim to such attacks could result in the theft of highly confidential data or the infection of your computer. Cyber attackers put effort into making their phishing attempts convincing, such as mimicking familiar senders or organizations and using authentic-looking logos or spoofed email addresses to appear legitimate. Stay alert to the signs of a phishing attack to protect yourself and the University.

  • Be cautious of messages with generic greetings.

  • Watch out for emails claiming to be from the University or official organizations but containing grammar or spelling errors or originating from personal email addresses like @gmail.com.

  • Be wary of messages pressuring you to bypass University security protocols. These often occur when attackers pose as your supervisor or colleague.

  • Avoid responding to messages requesting sensitive information or linking to forms asking for confidential details like credit card numbers or passwords.

  • If an email seems suspicious, odd, or too good to be true, it might be a phishing attempt.

  • If a message appears to be from someone you know but the tone or content seems off, verify with the sender through a trusted phone number.

  • Prior to clicking on a link, hover your mouse over it to reveal the true destination and ensure it matches the email's stated destination. Consider typing the organization's website address directly into your browser for added security.

  • Exercise caution with unexpected attachments, as infected email attachments are a common attack vector that may evade antivirus detection.

Practice safe email and messaging habits, and remain alert to phishing attempts. If you encounter a suspected phishing email or message, or are uncertain about its legitimacy, forward it to [email protected] and report it using the report feature in Outlook.

Adapted from SANS Institute, Phishing
September 2024, ec


Source URL: https://security.virginia.edu/Avoiding_Phishing_Scams