Tech Tip: What is phishing and how to report it?

Phishing graphic

Phishing is the act of attempting to deceive a user into divulging personal or confidential information such as login credentials, credit card information, etc., to gain access to resources that enable them to steal your identity.

Phishing scams usually come in the form of email messages and false websites. Cyber criminals use social engineering to learn about their targets and then use that information to try and gather your personal information.

Things to look for to identify that you may be targeted include:

  • Spelling and bad grammar: Phishing emails are commonly plagued with spelling and grammatical errors.
  • Links in emails: Links in emails may appear as though they are taking you to a legitimate website however they can be disguised. Hover over (DO NOT CLICK)  links and see if you are being re-routed to some other page.
  • Threats: Some emails contain threats to include legal action, time sensitive materials, etc. These are designed to convince you to make a hasty decision and click a malicious link or open an unsafe attachment.
  • Spoofing a legitimate website or company: Some emails will appear to come from a legitimate company. However that is far from the case. Again, attackers will try to make everything appear to be legitimate but things such as suspicious URL’s (pages with names not associated with the website or company), or outdated information can be tell-tale signs something is not right.

If you believe you have been sent a phishing scam, forward the original phish as an attachment in a new message addressed to phishing@psu.edu.

For more information on how to report a Phish or view recently reported phishes, please visit here.