Phishing is an attempt, usually made through a fraudulent email, to steal personal information from you. Most times you may not recognize who has sent you a phishing email, but it could be from an organization you actually know. We've posted links to some real phishing messages received by EMU community members on the Known Scams page.
The email could even appear to be from 'someone' you know. In this case, they could be specifically targeting 'you' with the thief greeting you by name and asking for your personal information, such as, credit card number, social security number, EMU NetID* or password. This type of a targeted attempt is known as Spear Phishing.
Here are some things to look for in an email that may indicate a phish:
- Generic greeting. Phishing emails are usually sent in large batches. Internet criminals may use generic names like "First Generic Bank Customer." If you don't see your name, you should be suspicious immediately.
- Send you to a web page. Phishing emails will almost always tell you to click a link that takes you to a web page where your personal information is requested. Legitimate organizations would never request this information of you via email.
- Forged link. Roll your mouse over the link and if it doesn't match what appears in the email, don't click on it. Also, websites where it is safe to enter personal information begin with "https" — the "s" stands for secure. If you don't see "https", don't proceed.
- Requests personal information. If you receive an email requesting your personal information, it is probably a phishing attempt.
- Sense of urgency. Internet criminals want you to provide your personal information now. They do this by making you think something has happened that requires you to act fast.
- Unsolicited Job Offers - These scams will usually ask you to correspond via private email, IM or text message. Always be leery of companies who promise money for little to no work, offer a job with no interview as well as those who request bank account/routing information or send you a check and ask you to deposit it and send a portion elsewhere. Legitimate EMU jobs do not ask you to use personal email for communications or personal banking accounts for business purchases. Most often, these types of scams enlist students into a bank fraud scam leaving the student liable for their spending on behalf of the "employer".
If you spot a potentially malicious email or if you are unsure whether an email is legitimate, please forward it to [email protected] so we can review.
If you believe you have been been the victim of a phishing campaign, change your password immediately and contact the Help Desk at 734.487.2120 to report the incident. You may need to change your passwords on other sites too if the information you provided could be used anywhere else.
*formally my.emich username