What is Phishing?
Phishing is the deliberate attempt by a bad actor to get information from the user. This is usually done by crafting an email that looks legitimate, fooling the user into clicking a link, and tricking them into entering login information. Phishing is an attempt to get the user to react and not verify the sender or the need for the information they are requesting.
How can I tell if it’s phishing?
The easiest ways to tell if an email is a phish are:
- The sender is unknown – not just the person’s name (that can be “spoofed”) but the address will be from somewhere other than Widener.edu
- The content is something that wasn’t expected; a document from some mystery colleague, a job offer from a non-university source, an update from “IT”
- It threatens lockout or account closure, asks you to “confirm” your account, or asks you to increase your storage limit (ITS doesn’t do those things)
- It has a link that goes to some bizarre address (remember that the text can be different words than the destination)
- Anything that’s just straight-up weird
Is it a PHISH?
- Passwords are requested
- Haphazard request without announcement of ITS changes posted (to accompany email) by ITS in My.Widener
- Immediate response required (urgent timeline, deletion or deactivation of account threatened)
- Sensitive data is requested: birthdates, bank information, Social Security Numbers, etc.
- HTML links or emails are not Widener.edu addresses
Report Phishing
Report all phishing emails (or any weird email) to phish (at) widener (dot) edu
