Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
How to spot a phishing message?
When you receive an email message, please consider these points:
- Are you expecting an email of this nature? (e.g. password reset, account expiration, wire transfer, travel confirmation, etc)
- Do you do business with the company or person purportedly emailing you?
- Does the message ask for any personal information (password, credit cards, SSN, etc)?
- Does the message ask for sensitive information about others?
- Does the message ask you to immediately open an attachment?
- Hover your mouse over the links in the email. Does the hover-text link match what’s in the text? Do the actual links look like a site with which you would normally do business?
- Does the “From” email address look like either someone you know, a business you work with, or a proper IU email account?
- Click ‘Reply’ – Does the address in the ‘To’ field match the sender of the message?
If you’re not sure about the legitimacy of an email message, please report it to us and we’ll gladly take a look.
Help, I think I’ve been phished! What do I do?
Follow the guide below for specific steps to take according to the type of information you shared:
I accidentally sent…my username & password.
You should… Change your password immediately!
I accidentally sent…personal information such as: address, bank/financial account number, credit card number or information, answers to security questions, other personal information that can be changed, driver’s license/license plate.
You should…While there’s no way to “unsend” the email, many of these pieces of information are changeable (especially credit card numbers). Contact the appropriate individual or organization. You should also report this as identity theft and take action to protect your accounts.