What is Phishing?
"Phishing" refers to the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. These attempts by cybercriminals, nation states, or hacktivists to lure you into giving away personal information, to gain access to accounts, or to infect your machine with malware & viruses are a form of social engineering. Like all universities, Appalachian State University is frequently phished for account credentials. Phishing attempts can happen through a variety of channels, including email, social media, or text messages, and can compromise security and lead to the theft of personal and financial data. Highly targeted attacks on groups or individuals are known as “spear phishing.”
What tactics are used in phishing attempts?
Phishing messages can come from hijacked accounts of people you know, making them hard to distinguish from real messages. Additionally, cybercriminals commonly use infected documents or PDF attachments as vectors for their phishing attempts. Another common trick attackers use is trying to get victims to sign in on a fake login page where their usernames and passwords can be stolen.
How do you avoid phishing attempts?
Phishing attempts can often get through spam filters and security software that you may already have in place, so stay vigilant and trust your instincts. Keep an eye out for things like unexpected urgency or a wrong salutation. Think twice about clicking a link or opening a document that seems suspicious. Double-check that every URL where you enter your password looks legitimate. And if anything raises doubt, report the communication to firstname.lastname@example.org.
<iframe width="560" height="315" src="
embed/3vcLyvoKYZc" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>