Carnegie Mellon University


January 08, 2020

Phishing: Don't Be the Latest Catch

Email and other forms of messaging services such as Instagram, Skype, WhatsApp, and Facebook are primary methods of communication. These services are utilized by individuals daily for work, as well as to communicate with friends and family in their private lives. Unfortunately, since so many people rely on these messaging services, they have become a primary attack vector used by cyber criminals to gain access to sensitive information in a scheme known as phishing.

What is Phishing?

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in electronic communication. 

Phishing messages will typically convey a sense of urgency in order to further increase the targets’ odds of taking the bait. Phishing can come in the form of phony confirmation emails for online purchases, job applications, security notifications, odd supervisor requests, and even legal notices. Some phishing emails can direct the user to a spoofed website that appears to look legitimate in an attempt to steal login credentials and other sensitive information.

How to Spot Phishing

  • Communications or forms requesting sensitive data like passwords or bank account information
  • Language or imagery that evokes a sense of urgency or seems too good to be true
  • Spoofed sender address or links
  • Impersonalized and/or poorly written messages
  • Messages that appear to be from a known entity that seem out of character

How to Avoid Phishing Attacks

Examine the sender of unsolicited, unexpected, or suspicious communications. Always take steps to verify and cross-check the validity of an email requesting information.

Carefully check links. Don't click on links provided by email messages in which you are suspicious. Before clicking, hover over the links with the mouse cursor to check the true URL destination. 

Keep your computer security up to date and back up your data often. A computer and browser with the latest security will help to block malicious spoofed webpages.

Use multi-factor authentication for each account. Multi-factor authentication makes it difficult for an attacker seeking to gain access to your accounts. If a criminal captures your password, your account will remain protected by another layer of authentication.