InfoSec: Phishing

Phishing or spoofing is when the recipient of a fraudulent email is tricked into disclosing personally identifiable information (PII), such as their username and password, social security number, date of birth, and/or credit card numbers. Although most phishing scams are received through email, they can also come in the form of a text or a phone call (a.k.a. vishing).

Phishers are adopting more sophisticated methods of phishing. For example, an email may contain a familiar logo or design element, it may appear to be coming from someone in the DePauw community (such as a vice president or president), or it may mention a recognizable program (such as the Hubbard Center or Management Fellows).

Keep in mind that a message that looks suspicious probably is suspicious!

How to recognize a phishing email

  • The email is unsolicited and asks you to confirm or provide personal information, such as your username and password, social security number, date of birth, and/or credit card numbers. Legitimate institutions never ask for this information via email or text.
  • The message contains a link to a spoofed website that looks real but whose address does not match the name of the institution that it claims to represent.
  • The language or tone is typically urgent or exciting and pressures you to act quickly. For example, the message may threaten to close your account if you do not respond.
  • There is a file attached that you are asked to open. Although it may look like a legitimate file, it may be an executable file that downloads malware or other harmful viruses.
  • The email has an unusual From or Reply To address instead of an @depauw.edu address.
  • The message may have grammatical, spelling, or other editing errors.
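
Several of the signs above can be checked mechanically. The following Python sketch is an added example, not a DePauw tool: it flags a From or Reply To address outside depauw.edu, a link that names depauw.edu but leads elsewhere, and urgent wording. The sample message, the `.example` hosts, the keyword list and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAIN = "depauw.edu"  # institution domain named on this page
# Assumed keyword list; tune it to the mail you actually see.
URGENCY = re.compile(r"urgent|immediately|close your account|verify your", re.I)
HREF = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def in_domain(host, domain=TRUSTED_DOMAIN):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw):
    """Return a list of warning strings for one raw (non-multipart) email."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    found = []
    # Unusual From / Reply To address. A matching From proves nothing on its
    # own, because the header can be forged; a mismatch is still a red flag.
    for header in ("From", "Reply-To"):
        addr = parseaddr(msg.get(header, ""))[1]
        if addr and not in_domain(addr.rpartition("@")[2]):
            found.append(f"{header} address outside @{TRUSTED_DOMAIN}: {addr}")
    # Link that shows or embeds the institution's name but points elsewhere.
    for href, text in HREF.findall(body):
        host = urlparse(href).hostname or ""
        if not in_domain(host) and TRUSTED_DOMAIN in (text + " " + host).lower():
            found.append(f"Link names {TRUSTED_DOMAIN} but goes to {host}")
    # Urgent or threatening language in the subject or body.
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        found.append("Urgent or threatening wording")
    return found

# Constructed sample: forged From, off-domain Reply-To, lookalike link.
SAMPLE = """\
From: "Office of the President" <president@depauw.edu>
Reply-To: president.depauw@mail.example
Subject: Urgent: verify your account
Content-Type: text/html

<p>We will close your account unless you respond immediately.</p>
<a href="https://my.depauw.edu.login.example/e/">https://my.depauw.edu/e/</a>
"""

if __name__ == "__main__":
    for warning in phishing_indicators(SAMPLE):
        print("-", warning)
```
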

Tips to reduce the risk of getting phished

  • Only enter your username and password when you initiate the action. For example, browsing to https://my.depauw.edu/e/ and logging in is fine because it is a legitimate system.
  • Only provide information over a secure website to people you know and who have the authority to request the information. For instance, forms created in a location such as a DePauw Google Account will have a secure Web address that starts with https://docs.google.com/a/depauw.edu and you must be logged into your DePauw Google Account to access the form.
  • Keep your virus protection software, browser, and operating system up-to-date with the latest recommended security patches and updates.
  • When you receive suspicious or unsolicited emails, never click on any links, never open attachments, and never reply with personal information.

Report phishing emails

When you suspect you have received a phishing email, forward it to HelpDesk@depauw.edu and then click the Report spam button in your email to remove it from your inbox.

Additional resources

Google: Prevent & report phishing attacks

The Chronicle of Higher Education: Phishing Scheme Targets Professors’ Desire to Please Their Deans — All for $500 in Gift Cards

Updated: 3/5/2021