How to Detect a Phishing Attack
- Messages creating a tremendous sense of urgency.
- Look for typos or discrepancies in logos.
- Pressure to bypass or ignore our security policies or procedures.
- Read URLs from left to right, the last address is the true domain, for example https://store.amazon- com.example.com/index.html might look like it will take you to Amazon’s website, but in fact it will take you to example.com.
- Offers that seem too good to be true.
- Generic greetings such as "Dear customer" or "Dear Member"
- Emails that are work related but are sent from a personal email address, such as hotmail.com or gmail.com.
- Websites that claim to be secure but do not use HTTPS.
- Requests for sensitive data such as credit card numbers or account passwords.
- The tone or wording of the message does not sound like the sender.
- Sites that begin with an IP addresses instead of a domain name.
ITS Information Security strongly recommends the following for you:
- Visit the ITS Information Security Phishing page (https://its.lmu.edu/secureit/phishing/) to learn more about how to recognize these phishing emails and protect yourself and our organization from getting hooked.
- If you have not taken the ITS Information Security and Awareness Training, now is a great opportunity to reinforce your security awareness. The training is available in Brightspace: https://brightspace.lmu.edu/d2l/le/content/94979/Home.
Think before you click!
If you suspect a phishing attack, report it immediately to firstname.lastname@example.org
If you have any questions, contact the Service Desk at (310) 338-7777 or at email@example.com.