Phishing

What Is Phishing?

"Phishing" refers to the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

Phishing is a form of social engineering.

Like all universities, Appalachian State University is frequently phished for account credentials.
A phishing attempt for account credentials usually starts with an email that indicates that you MUST do something to validate, extend your storage, view quarantined messages, etc. (see the list of phishing samples below). The message will almost always convey a sense of urgency. This is an attempt to get you to act quickly without thinking.

Here are a few important things to remember about Phishing attempts:

  • Always remember that ITS will never ask you to provide your password by phone, email, or any other communication medium.
  • Keep in mind that phishing emails can look very legitimate and include the same images, logos, and text associated with the organizations they are attempting to masquerade as. Don't take the appearance of an email or website as a mark of legitimacy.
  • Also be aware that the "From" field in email messages can easily be fabricated. Don't assume that an email is legitimate based on the apparent sender in the "From" field.
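
Because the "From" field alone proves nothing, a reviewer can compare it with the other headers of the message. The following is an added example, not part of the original page: the sample message, its example.* domains, and the function names are constructed for illustration, and the check assumes the Authentication-Results header was written by your own mail gateway.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); example.* domains are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.edu; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.edu
From: "IT Help Desk" <helpdesk@example.edu>
Reply-To: account-verify@example.org
To: user@example.edu
Subject: Mailbox storage full

Validate your account today.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def from_header_findings(raw_message):
    """List reasons the visible From header should not be taken at face value.

    These are review signals, not verdicts: legitimate bulk mail can also
    use a different Return-Path. Domains are compared exactly (simplification).
    """
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    findings = []
    return_path = domain_of(msg["Return-Path"])
    if return_path and return_path != from_dom:
        findings.append("return-path-mismatch")
    reply_to = domain_of(msg["Reply-To"])
    if reply_to and reply_to != from_dom:
        findings.append("reply-to-mismatch")  # replies go somewhere else
    # Assumption: this header was added by the receiving gateway, not the sender.
    auth = (msg["Authentication-Results"] or "").lower()
    if "dmarc=pass" not in auth:
        findings.append("dmarc-not-passed")
    return findings

if __name__ == "__main__":
    print(from_header_findings(SAMPLE))
```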

If you receive a message asking you for this information, you can forward it to phish@appstate.edu for direct review. You can also find samples of phishing messages received by ASU here.
