Phishing is when criminals send malicious or misleading e-mails in an attempt to gain your information (e.g., login info, credit card details, money, etc.) for criminal use. Criminals try to acquire personal and financial information, as well as sensitive University information and resources. They may use e-mails to infect computers with ransomware or other malware. Malicious e-mails often use urgent language, ask for personal information, and/or have grammatical, typographical, or other obvious errors.
Recent Phishing Alerts
Check the Security Alerts for recent phishing campaigns.
Phishing scams are designed to induce panic in the reader. These scams attempt to trick recipients into responding or clicking immediately, by claiming they will lose something (e.g., e-mail, bank account). Such a claim is always indicative of a phishing scam, as responsible companies and organizations will never take these types of actions via e-mail.
Tips to avoid phishing:
- Do not click on links in e-mail.
- The safest practice is to read your e-mail as plain text.
- If you choose to read your e-mail in HTML format:
  - Hover your mouse over the links in each e-mail message to display the actual URL. Check whether the hover-text link matches what's in the text, and whether the link looks like a site with which you would normally do business.
  - Before you click a link, check to see if the message sender used a digital signature when sending the message. A digital signature helps ensure that the message actually came from the sender. You should remain vigilant in recognizing the warning signs of phishing scams.
The following articles will help you to identify phishing attempts.
- How to recognize Iowa State e-mail from phony look-alikes
- Phishing examples - Can you spot the difference
- Manage and Organize your Exchange Inbox
The following videos will help educate you on how to become more cyber and phishing aware.
- Cyber Security video from ISU IT Services - Don't Be Fooled
- Cyber Security Awareness - Phishing Attacks - from SANS.org
If you received a suspicious e-mail:
Report the e-mail to the Solution Center.
If the phish impersonates an Iowa State address or service:
Forward the entire message with full e-mail headers to firstname.lastname@example.org.
Note: For CyMail users, if your message is rejected when you report spam or phishing to email@example.com:
- In the message you would like to report, click the down arrow next to the Reply arrow and select Show original.
- In the Original Message screen, click Download Original to download the page as a .txt file.
- Compose a new message, attach the file you downloaded, and send the new message and attachment to firstname.lastname@example.org.
If you are a CyMail user:
Report the phish to Google by using the report phishing option.
If you receive a phish impersonating another institution or business:
Contact the real organization (e.g., a bank, retailer, or other institution) to let them know.
Recover from Phishing
If you gave personal information to a phishing e-mail or on a suspicious webpage, your account may be compromised.
Complete the following:
- Change your Iowa State password
- Contact the Solution Center
- Carefully review any online account for which you gave information