WHAT IS PHISHING?

Merriam-Webster defines "phishing" as follows:

 a scam by which an Internet user is duped (as by a deceptive e-mail message) into revealing personal or confidential information which the scammer can use illicitly

The Anatomy of a Phish:  How does it happen?

You get an email that looks generally benign, maybe even a little bit official.  Below you'll see one that is common at ESU.  It includes Microsoft Teams, so it looks official, right?  So, you click the link.

A Microsoft Teams email that is really a phishing attempt.

After you click the emailed link, your web browser opens and loads what appears to be a legitimate website. In this example the hacker has linked to a webpage that mimics a Microsoft Teams login page. It features a lot of Microsoft-branded graphics and colors, which makes the deception more effective.

If you attempt to log in, you've just handed your username and password over to a malicious website.

The question is: how can we identify malicious login sites? Sometimes this is very difficult to do.

If you're going to log in to a website or service, go to its official homepage and log in from there.  Don't follow the link in the email!

If it's a website you use frequently, use a bookmark or a link you've used in the past.

If it's an ESU-provided service, you should be able to get to it from Hornet 365 (hornet365.com)!  If not, let us know!

 

And if you're not sure you can always give us a call at the IT Help Desk to find out for sure!
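Why looking at a link is not enough, as an added example that is not part of the original page: the script below pulls out the host a browser would really connect to and compares it with a list of official hosts. The `OFFICIAL_HOSTS` list, the choice to trust subdomains, and every sample link are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts you treat as official. hornet365.com is the portal named
# on this page; trusting its subdomains is also an assumption.
OFFICIAL_HOSTS = {"hornet365.com"}

# Constructed sample links (reserved .example/.test names, not real sites).
SAMPLE_LINKS = [
    "https://hornet365.com/",                      # the real portal
    "https://www.hornet365.com/login",             # subdomain of it
    "https://hornet365.com.signin.example/teams",  # real name used only as a prefix
    "https://hornet365.com@teams-login.test/",     # text before '@' is a username, not the site
    "https://h\u043ernet365.com/",                 # Cyrillic 'o' that looks like Latin 'o'
    "http://hornet365.com/",                       # right host, but not encrypted
]


def link_host(url: str) -> str:
    """Return the host the browser would actually connect to."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def is_official(url: str, official=frozenset(OFFICIAL_HOSTS)) -> bool:
    """True only for https links to an official host or one of its subdomains."""
    if urlsplit(url).scheme != "https":
        return False
    host = link_host(url)
    return any(host == h or host.endswith("." + h) for h in official)


def review(links):
    """Map each link to (real host, verdict) for display."""
    return {u: (link_host(u), is_official(u)) for u in links}


if __name__ == "__main__":
    for url, (host, ok) in review(SAMPLE_LINKS).items():
        print(f"{'OK     ' if ok else 'SUSPECT'}  {host:32}  {url}")
```

A passing check only says the link points at a known host. Typing the address yourself or using a bookmark, as advised above, avoids the question entirely.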

If you find it, REPORT IT!

If you suspect a phishing email, even if you find info on it right here on our site, report it to us and to Google (if you're using your student Gmail).