Phishing Emails: Don't Take the "Bait"

Detail

 

Hackers Are Trying to Reel You in Through Email

Email is an essential part or our everyday communications. It is also one of the most common methods that hackers use to attempt to gain access to sensitive information. More than 90% of data breaches start with a phishing attack. Phishing uses fraudulent email messages designed to impersonate a legitimate person or organization. They attempt to trick the recipient into downloading harmful attachments or divulging sensitive information, including passwords, bank account numbers, and social security numbers.

Phishing scams can have a number of different goals. They may attempt to:

  • Target your cash and payment card data
  • Gain control of your computer and local network resources
  • Gain access to your University Computing Account and resources

Phishing scams typically attempt to take advantage of you by:

  • Delivering file attachments that can infect your computer with harmful software
  • Enticing you to click on links to websites that infect your computer with harmful software
  • Tricking you into sharing your username and password so hackers can gain access to your network or other sites

 

Reporting a Phishing Scam

Although your first instinct may be to ignore or delete suspicious emails, we recommend that you report them to our security team. We will examine the email and, if necessary, advise you of any further steps you may need to take.

Preferred Method: KnowBe4 Phish Alert Button (PAB)

The best way to report a suspicious email is to use the KnowBe4 Phish Alert Button (PAB). The PAB is available in Outlook across desktop and mobile platforms and allows you to report phishing emails directly to Pitt Digital's security team in one click. It automatically removes the email from your inbox and preserves the full message metadata needed for investigation. For instructions on how to use the PAB, see Reporting Phishing Emails Using KnowBe4's Hybrid Phish Alert Button.

Look for the hook: 

Uploaded Image (Thumbnail)

Alternative Method: Microsoft's Built-In Report Button

If the PAB is not available to you, the next best option is to use the built-in Report button in Outlook. View Microsoft's documentation on where to find "Report Phishing" in your version of Outlook.

Last Resort: Forward to phish@pitt.edu 

If neither of the above options is available to you — for example, if you are not using Outlook — you may forward the suspicious email as an attachment to phish@pitt.edu. Reporting as an attachment is a critical distinction, because it retains the metadata of the message. A standard forward is not recommended and could result in automated security actions being taken on your account.

Please note: Do not forward spam messages to phish@pitt.edu, and do not use this address to ask questions. Only forward emails you suspect are phishing scams.

 

Learn to Spot a Phishing Scam

Email and Phishing Training Course

Learn how to protect yourself from phishing scams, how phishing attacks work, and how to recognize and respond to one—take the Pitt Digital Phishing Foundations interactive mini-course through KnowBe4.

Phish Like Spam

Spam is unwanted "junk" email that can quickly fill your email inbox. Never respond to a spam email or click on a link in a spam email message. Doing so validates your email address to the spammer and increases the likelihood of you receiving still more spam. 

Most of the time, spam is annoying, but harmless. However, sometimes what appears to be just a spam message is actually a phishing attempt. Trojan horses and other malicious software are often attached to spam emails. These emails also sometimes contain links to websites that will download software intended to compromise your computer. So beware of spam emails!

Can You Pass Our Phishing Simulation? 

The University has implemented a new phishing awareness program that will periodically send you simulated phishing emails designed to imitate a real scam. These simulated scams are completely safe and there are no negative consequences if you mistakenly reply to a simulated phishing message. If you are fooled by a simulated scam, we recommend that you review the brief educational material presented afterward.

Print Article

Related Articles (3)

Manage Your Spam Emails with Exchange Online Protection
This article contains helpful information concerning the University's Enterprise Spam and Virus Filter Service, which helps you manage unwanted mass mailings (spam),
messages with malicious payloads (viruses), amd messages with links that will steal information or download malicious software (phishing).
Reporting Suspected Security Incidents
Pitt Digital security professionals help protect the University's computer systems by responding to compromised computers and other security incidents. Pitt Digital works with departments to quickly respond to security incidents that compromise a computer or server, or result in the unauthorized disclosure of University Information.
Social Engineering and Phone Scams
Social engineering is the art of manipulating people into performing actions or divulging confidential information. Social engineering applies to trickery used for information gathering or computer access and in most cases the attacker never comes face-to-face with the victim.

Related Services / Offerings (1)

Security Awareness and Training (KnowBe4)
SECURITY CONSULTING AND EDUCATION KnowBe4 provides security awareness resources to train, promote and reinforce information security best practices.