Phishing Email Information: What is Phishing? How do I avoid a Phishing scam? I think I've been scammed. What should I do?
Email Scam (Phishing) Advisory
The Gannon ITS department will never ask for personal information, such as your network password or social security number through an email. If ITS had an important message to get across regarding your email you would more than likely find it on my.gannon.edu. ITS would never send out an email asking you to click a link to deactivate your account or click a link to enter in your Gannon information.
What is Phishing?
Phishing is an identity-theft scam that uses "spoofed" or fake emails and Web sites to trick people into giving out personal information, such as credit card numbers, usernames and passwords, or social security numbers. Phishing is usually done by hijacking the brand identity of a bank, university, legitimate company, or an online store in a spoofed email that is sent to large numbers of people. The email will usually contain a link to a Web page designed to look just like a legitimate company's site. A phishing scam will use this page to capture any information that you provide, then sell or use the information for malicious purposes.
How do I avoid a Phishing scam?
Always be suspicious of e-mails asking for sensitive information.
Remember that e-mail is not a secure form of communication. Organizations you do business with already know your account information and will never request it from you in an e-mail. Phishers will usually include false statements that are designed to increase urgency and try to make you give up your information more quickly, such as "Your account is going to be terminated unless you respond immediately."
Never respond to an e-mail request for personal information.
Always error on the side of caution. Look at the “From:” field in the e-mail. If the organization name does not match the “Reply To:” organization name, the message is probably spoofed (falsified). For example, a message from a local credit union or bank would not have a reply e-mail address ending in "yahoo.com". If you ever need to provide personal information like a credit card number, make sure you are using a secure, trusted web site or, if on a phone call, be sure you are the one that initiated the call to the company and not the other way around.
Never follow the links in an e-mail you suspect might be phishing.
If you are unsure about a link to a site you receive in an e-mail, “hover” your cursor over it. If the link text in the e-mail doesn't match the link address, do NOT click it. Log directly onto the company’s web site or call the company. Most companies will know if there is a phishing scam involving their company and be able to verify if the information in the e-mail is real or not.
I think I've been scammed. What should I do?
Immediately change your password and contact the Help Desk.
Please do not hesitate to call the Help Desk at 871-7501 if you are unsure about any emails.