Phishing

Phishing stands as the most prevalent form of social engineering—a sophisticated tactic in which a threat actor fabricates a compelling narrative to manipulate you into performing actions on their behalf or disclosing private information. 

This deceptive technique primarily occurs via email but can also manifest through text (smishing) or phone calls (vishing).

Keep reading as we dissect an example of a phishing email, breaking down elements to be aware of:

Unusual Sender Email: Always double-check the sender's email address. Official communications should come from a university (or other official) domain, not a free email service like Gmail.

Urgent subject lines: Urgent subject lines in emails can often be a red flag, indicating a potential phishing attempt designed to provoke immediate action.

Generic Greeting: Official emails will usually address you by your full name. Be wary of emails that use generic greetings like "Dear User."

Suspicious Links: Hover over any links to see where they actually lead before clicking. If in doubt, navigate to the official website manually and log in there.

Request for Sensitive Information: No legitimate organization will ask for your username and password via email. Always be skeptical of such requests.ace with your text.

Incomplete Signature: If a name, number, and/or email address is given, cross-check it within the campus community and confirm through official channels that the message is legitimate.

Being aware of these red flags can make all the difference in protecting your personal information. Stay vigilant, double-check details, and when in doubt, reach out to official channels for verification. Secure yourself now and avoid the headache of a compromise later!

If the email raises suspicion, utilize the “Report” button in Outlook or forward it to infosec@uc.edu for further review.