What is phishing?
Phishing is an attempt made by an individual or group to obtain personal information from unsuspecting users by posing as a trusted organization or individual, such as technical support or one's bank. Commonly, this is done through email messages that are specifically crafted to look similar to actual communications sent by the organization or individual, at times even using real company logos and information. Within the email users may be asked directly to provide specific personal information or they may find instructions directing them to a link that they must click on, leading them to a fraudulent website designed to look legitimate. Once on the site the user is often requested to provide personal information, such as usernames and passphrases, which can be used to assist with future compromises or lead to identity theft. In some cases these fraudulent sites may contain malicious code meant to infect the user's computer with a virus or other form of malware. For more information and examples, see "Document shared with you" phishing emails.
What to do if you fall victim to phishing or think you are being phished?
Email: Forward any possible or known phishing email messages to spam@umd.edu.
Phone: You may also call the IT Service Desk at (301) 405-1500 to speak with a customer service agent about the issue.
- Update your passphrase. If you use the same passphrase for other online accounts, change the passphrase for those accounts.
- Monitor your accounts for suspicious activities.
How to avoid phishing attacks?
United States Computer Emergency Readiness Team – Avoiding Social Engineering and Phishing Attacks
United States Computer Emergency Readiness Team – Recognizing and Avoiding Email Scams
LinkedIn Learning – Avoid Phishing Scams
NOTE: You may need to authenticate using your university credentials before watching the LinkedIn Learning video.