ITS Office of Information Security

Phishing

  1. Home
  2. Common Threats
  3. Phishing

What is Phishing?

"Phishing" refers to the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

Phishing is a form of social engineering.

Like all universities, Appalachian State University is frequently phished for account credentials.
A phishing attempt for account credentials usually starts with an email that indicates that you MUST do something to validate, extend your storage, view quarantined messages, etc. The message will almost always convey a sense of urgency. This is an attempt to get you to act quickly without thinking.

What is Phishing?

Important Things To Remember About Phishing Attempts

  • Always remember that ITS will never ask you to provide your password either via the phone, email, or other communication medium.
  • Keep in mind that phishing emails can look very legitimate and include the same images, logos, and text associated with the organizations they are attempting to masquerade as. Don't take the appearance of an email or web-site as a mark of legitimacy. 
  • Also be aware that the "From" field in email messages can easily be fabricated. Don't assumed that an email is legitimate based on the apparent sender in the "From" field. 

If you receive a message asking you for this information you can forward this to phish@appstate.edu for direct review. 

Phishing Victim Advisement

If you think an appstate email is malicious, please forward it to phish@appstate.edu or call us at 828-262-6266.

"Phishing" refers to the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

Phishing Scheme Advisement

1) Stay calm and don’t beat yourself up.

Phishing schemes are incredibly common and can be quite sophisticated. Even if you fell for a phishing scheme, you may not be a victim of identity theft.

2) Analyze the situation and take action.

3) Report the incident.

Record your interactions with institutions, creditors, and law enforcement. Note dates, contact names, addresses, phone numbers, and other details.

4) Protect yourself from future attacks.

What To Do If You Downloaded a Fraudulent Attachment To a University-Owned Device

What To Do If You Downloaded A Fraudulent Attachment To Your Personal Device

  • Disconnect your device from the network.  This may prevent phishers from installing malware, gaining remote access to your computer, or spreading malware to other devices.
  • Back up your files. 
    • Data may be destroyed in the process of recovering from a phishing attack. 
    • Focus on sensitive documents and irreplaceable files. 
  • Scan your system for malware and clean up your device. 
  • Visit IT Support Services for free antivirus programs and cleanup utilities, or bring your device to the Technology Support Center for help.

What To Do If You Clicked On A Link To A Fraudulent Website or Shared Any Sensitive Information via Email or By Any Other Means

  • Record the information you shared (e.g. username, password, address, account numbers, codes for gift cards, etc.) and details such as the scammer’s email address, the content of the email, and the URL that you clicked. Take screenshots, copy or print all web pages, emails, text messages, or other correspondence related to the incident.
  • Change passwords for any accounts you believe may have been compromised and never use the same password for multiple accounts. 
  • Check your account profiles and recent activity for misuse, including bank and credit card statements.

What To Do If You Paid A Scammer With A Gift Card

  • Call the card company and tell them the gift card was used in a scam.
  • File a report with the FTC. Print a copy to show to the police when you file your report.
  • File a police report with local law enforcement.
  • Report the phishing scheme to the organization that was impersonated (e.g. your school, employer, bank, etc.) and follow their guidance to safeguard your information.
  • Help others avoid scams by informing your family and friends. You may also report the incident to the FBI’s Internet Crime Complaint Center.

What To Do If You Suspect You Are A Victim Of Identity Theft

  • Contact your financial institutions.
  • Report identity theft to the FTC and get a recovery plan online and follow their recovery steps. These steps may include contacting the major credit reporting agencies, alerting the Social Security Administration, checking your medical records and reporting the incident to the IRS. You may also file a complaint by calling the FTC Identity Theft Hotline at (877) IDTHEFT, or (877) 438-4338.
  • You may also visit the North Carolina Attorney General’s website for recommendations. 
  • File a police report with local law enforcement.
  • Report the phishing scheme to the organization that was impersonated (e.g. your school, employer, bank, etc.) and follow their guidance to safeguard your information.
  • Help others avoid scams by informing your family and friends. You may also report the incident the FBI’s Internet Crime Complaint Center.