Iowa State University

Information Technology

Phishing, not fishing. Here is what you need to know.

This blog entry expired August 30, 2017. It may contain out-of-date information.

Fishing is a leisure activity involving bait and a fish, but phishing is an increasingly common cyberattack in which cyber criminals provide the bait and users act as the fish. Phishing attacks steal personal information by impersonating an organization in an attempt to gain trust and ultimately take advantage of a user. Email is the most common form of phishing attack, but other forms include phone calls and text messages.

A phishing attack can be simple and quite convincing. An email crafted to look as if it came from a well-known organization asks the user to click a hyperlink in the message, or to provide a username and password to verify an account. The email usually conveys some sort of urgency to make it seem all the more real. Common phrases used in phishing scams are:

  1. You need to verify your account immediately
  2. If you don’t take action, your account will be cancelled
  3. Click this link to update your information

If a user clicks a link or provides a username and password, the cyber criminal can access the user’s account, resulting in stolen information or worse. Here are some tips to avoid falling victim to a phishing attack:

  1. Always go directly to the original website rather than clicking a link provided in an email
  2. Never provide a password or username within an email or over the phone
  3. Check the URL of the link provided in the email to see if it is one you recognize
  4. Always be cautious: cyber criminals are looking for ways to trick users, and it only takes once!
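
The checks in tip 3 and the urgency phrases listed earlier can also be applied by a script. This Python example is added here and is not part of the original post: it flags the post's urgency wording, links whose destination is outside a recognized set of domains, and link text that displays a different address than the link's real target. The recognized domain `example.edu`, the function names, and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

RECOGNIZED = {"example.edu"}  # assumption: domains the reader already trusts
URGENT = ("verify your account", "account will be cancelled",
          "update your information")  # wording from the post's phrase list

def host_of(url):  # lowercase hostname, or "" when the URL has none
    return (urlsplit(url.strip()).hostname or "").lower()

def is_recognized(host):  # the domain itself or a subdomain, never a substring
    return any(host == d or host.endswith("." + d) for d in RECOGNIZED)

class LinkCollector(HTMLParser):
    """Collects visible text and (href, link text) for each <a> element."""
    def __init__(self):
        super().__init__()
        self.text, self.links, self._open = [], [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # remember the target and where its text starts
            self._open = (dict(attrs).get("href") or "", len(self.text))
    def handle_data(self, data):
        self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._open:
            href, start = self._open
            self.links.append((href, "".join(self.text[start:]).strip()))
            self._open = None

def review(html_body):
    """Return warnings for one HTML email body: urgency wording, unrecognized
    link destinations, and link text that names a different host."""
    p = LinkCollector()
    p.feed(html_body)
    p.close()
    body = " ".join("".join(p.text).lower().split())
    warnings = [f"urgent wording: {ph!r}" for ph in URGENT if ph in body]
    for href, label in p.links:
        host = host_of(href)
        if not is_recognized(host):
            warnings.append(f"unrecognized destination: {host or href!r}")
        shown = host_of(label if "://" in label else "//" + label)
        if "." in shown and " " not in shown and shown != host:
            warnings.append(f"text shows {shown} but link goes to {host}")
    return warnings

# Constructed sample message using reserved example domains only.
SAMPLE = """<p>You need to verify your account immediately.</p>
<p><a href="http://example.edu.account-check.example/verify">https://www.example.edu/verify</a></p>
<p>Help: <a href="https://www.example.edu/help">Solution Center</a></p>"""
```

Calling `review(SAMPLE)` returns three warnings for the first link and the urgent sentence, and none for the second link, whose destination is a subdomain of the recognized domain.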

If you are a victim of a phishing attack or think you may be at risk, please contact the Solution Center for more information on what to do next.