What is "Phishing"?
"the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting public."
- Check that you know the name of the person sending the email. Even if the name on the email is familiar, that's not enough. Anyone can create an email account with a name that you know.
- Check that the email is coming from our domain (...@manhattan.edu). In this example, the email is coming from "...@manasquanboe.org". That's a huge clue that something is not right.
- Do not click on suspicious links. First, hover over links to see where they point. Links can be deceptive. A link can say one thing, and point to a totally different website. For example, this link points to the ITS website. The text claims that the link points to our ITS website, but it doesn't actually point to the ITS website. Tip: Hover over links before clicking on them. When you hover over a link, the website that it points to will appear in the lower left hand corner of the browser window. If the website does not look legitimate, do not click on the link.
- Make sure the email has our ITS Footer. The "ITS help desk, ADMIN TEAM" in the example above is not what an email from us would look like. Our emails will always include the following red footer: