You are here

Beware Phishing and Spear Phishing Attacks!

Sign that say "Danger Phising"
February 15, 2019

Scam artists are now using a targeted version of phishing scams, known as "spear phishing." Don't be their next victim.

A "Phish" email is a type of unsolicited email that is intended to trick you into replying and providing data to the sender (typically a password, banking information, or another type of personal data that can be used to steal resources).

What is a Spear Phishing?

Spear Phishing is targeted Phishing that takes advantage of one or more known pieces of information to tailor the phish to an individual. For instance, the following example was sent to an ITSS staff member. The author may have known that a message appearing to come from the IT Director would be deemed more credible than if it appeared to come from a random source:

  example of Spear Phishing (director to staff member)

How Can I Tell It's a Phish?

There are generally several ways to tell that an email is a Phishing attempt. The previous image has 4 indicators to notice:

  1. Large yellow warning that Google appended into the message
  2. Email address does not not match your organization and/or looking suspicious
  3. Suspicious subject line
  4. Signature is different than what you might expect

This particular Phish seems fairly harmless, but if you responded to it, the sender would know they had a valid email address to use in future efforts and may have begun a dialogue asking for things like credentials, information, money, etc.

Learn More

University business is conducted through MyU Portal. Any email sent to you for UMD business will refer you to myu.umn.edu. This includes anything relating to your student account, financial aid, payroll, and benefits.

What Should You Do?

If you receive Phish email:

  • Do not respond to the message.
  • Do not share any information with the sender.
  • Report it to ITSS.

Questions?

Please contact the ITSS TechCenter Help Desk with any questions.