What is Phishing?
Phishing is a fraudulent attempt to obtain sensitive information such as passwords, multi-factor authentication (MFA) codes, credit card details or other personal information. Many of us have become accustomed to being watchful of poorly spelled email addresses and odd file attachments, but phishing is becoming more sophisticated than ever. We can no longer rely on the obvious signs. We must pay attention to the entire context of our online interactions.
How Is It Growing?
Today’s advanced phishing attempts can involve the scammer specifically targeting individuals, researching their backgrounds and forming relationships with these individuals through regular back-and-forth communication, job offers, invitations to fake events and conferences, or links to seemingly legitimate websites and organizations that may be of interest to the person. These links can come through email, text messages, and even personal messaging platforms and social media using fake profiles and Chatbot technology.
According to CNBC, "In October 2022, messaging security provider SlashNext analyzed billions of link-based URLS, attachments and natural language messages [online]….and found more than 255 million attacks...a 61% increase in the rate of phishing attacks compared with 2021 (Violino, 2023).”
Hackers are actively becoming more personal and working harder than ever, including the use of Artificial Intelligence to push out typo-free, more legitimate looking messaging. Additionally, there have been cases of hackers setting up Zoom calls with targeted victims and pasting malicious links directly into the chat during the call (Palmer, 2023). These scam attempts are far more complex and unexpectedly innovative than any we’ve seen in the past.
What Can We Do?
It is important that we stay vigilant when we interact online. Pay attention to the more obvious signs that a communication might be a scam, but also be mindful of just how advanced a scam might be. Think about the context of your communication and consider every detail if you receive a text, email or phone call that seems unusual to you in any way.
Ask yourself some of the following questions when you encounter a suspicious interaction:
Who exactly are you talking to? Is this person or organization familiar, or is this a first-time communication with them?
Was this text, message, email or phone call one that you were expecting? Did this person contact you out of nowhere?
Is this person asking for sensitive information such as financial information, passwords/MFA codes, or are they asking you to log into something using your university credentials?
What if I Am Targeted?
If the attempt is a text or phone call, do not respond and do not engage. Text messages can be deleted and reported as junk directly in your phone’s text messaging app.
If the attempt is an email to your university account, all you need to do is open the message in Microsoft Outlook, click “More Actions” in the top right corner of the message, select “Report” and then choose the appropriate option.
Doing this will help stop mass phishing attempts more quickly for everyone at USF, and you'll also be protecting your own data and devices. Stay safe by staying alert online.
References
Palmer, D. (2023, January 31). Phishing attacks are getting scarily sophisticated. Here’s what to watch out for. ZDNET. https://www.zdnet.com/article/phishing-attacks-are-getting-scarily-sophisticated-heres-what-to-watch-out-for/
Violino, B. (2023, January 10). Phishing attacks are increasing and getting more sophisticated. Here’s how to avoid them. CNBC