Phishing refers to sending an e-mail that tricks someone into clicking on a link or opening an attachment. The end goal of phishing is to steal valuable information, such as usernames and passwords.

 

The WorldVia Information Security Team values the assistance of WorldVia team members in our ongoing battle with phishing messages.

 

Most phishing messages are harmless if handled carefully. Below are some tips to help identify and properly react to a spam/phishing message.

 

Phishing messages often:

  • Bad spelling and grammar: Simple phishing emails are often poorly written. If the content of the e-mail doesn't line up with what you'd expect from the sender, beware!
  • Deceptive links: Move your mouse over any of the links in the e-mail, without clicking. You should see the address where the link will take you:

Example of hovering over a link

If it's an e-mail from your bank, but the link doesn't display your bank's website, don't click.

  • Sense of urgency: Is the e-mail claiming that you missed a package delivery, or telling you that your e-mail account will be suspended? Be careful - somebody may want to worry you into clicking on a malicious link. When in doubt, pick up the phone or type the address of the organization into your web browser.
  • No name in the e-mail: Is an e-mail starting with Dear Customer but not including your real name? Chances are the fraudster who doesn't even know who the e-mail account belongs to. Don't click.

If you receive a suspicious message in the future that doesn't appear to come from an internal address, you can safely delete it or use the Outlook Phish Alert add-in to report the message as phishing to Microsoft. This helps all users of Microsoft email identify and block unwanted/malicious emails. By reporting it to Microsoft, you're helping to ensure that you and others receive fewer spam and phishing messages in the future.

 

Phish Alert Outlook Add-In (Desktop Application)

Phishing ALert button in outlook

 

Phish Alert Outlook Online (Web) - Found under the "More actions" dropdown. 

PhishAlert-MoreActions

 

Found near the bottom of the list

PhishAlert-DropDown

 

If you have any questions, please email [email protected]


Tips

Phishing attacks range from very basic, crude attempts to get you to send information to someone by e-mail, to elaborate, very convincing schemes involving multiple web pages, e-mails, and seemingly genuine automated responses.

 

So how do you protect yourself? Here are some easy tips:

  1. Do not reply to an e-mail asking you for personal or financial information.

No reputable bank, credit union or company will ever ask you for sensitive information in an e-mail. When in doubt, contact the entity that sent it to verify it is genuine.

 

  1. Never trust any links contained in such e-mails. Always type in the web address of the bank or company yourself.

This protects you from fake web addresses that appear to come from the real source but actually redirect you to the scammer's fake web page. Remember that many of these fake web pages look very convincing and may contain actual links to some parts of the real organization's web site to appear legitimate.

 

  1. If you believe you've been scammed, file a complaint with the Federal Trade Commission (FTC), then visit the FTC's Identity Theft website.

Victims of phishing can become victims of identity theft. While you can't entirely control whether you will become a victim of identity theft, you can take some steps to minimize your risk. If an identity thief is opening credit accounts in your name, these new accounts are likely to show up on your credit report. You may catch an incident early if you order a free copy of your credit report periodically from any of the three major credit bureaus. See www.annualcreditreport.com for details on ordering a free annual credit report.

 

Don't forget to change your account password if you think it may have been compromised. This is especially true if you have responded to a phishing attempt - change your password right away.