Phishing - What is it and how to avoid it!

'Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication' - Wikipedia

A short video on Phishing


What is phishing?

Phishing is a form of online fraud. In a typical phishing incident, you may receive an email or pop-up message that claims to be from IT Services or another business or organisation that you may have previously dealt with, for example eBay or Bank of Ireland. The message may ask you to ‘update,’ ‘validate,’ or ‘confirm’ your account information.

Trinity staff and students should treat any email that asks for your username and password details with extreme caution. The consequences of falling victim to a phishing attempt are not limited to your own account, but could affect the Trinity community as a whole. One compromised account could potentially endanger vast amounts of sensitive data. Or, one compromised account distributing large amounts of spam could result in Trinity losing email as a service entirely for a period of time.

What does a phishing email message look like?

Always trust your instincts: if an email offers something that looks too good to be true, it possibly is. Similarly, don’t be tempted to respond hastily to an email which threatens to disable your account. Check the IT Services website or give the IT Service Desk a call if you are unsure whether an email is genuine or not.

Phishing emails often have the following types of characteristics:

  • They may use language like ‘important notice’, ‘urgent update’, ‘alert’ or ‘violation’ with a deceptive subject line to persuade you that the email has come from a trusted source.
  • They may contain messages that use threatening language, stating that your account will be disabled if you do not act.
  • They may appear to come from someone in Trinity but you should be aware that email addresses can be forged easily.
  • They may copy content such as logos and images used on legitimate websites to make the email look genuine.
  • They may contain hyperlinks that will redirect you to a fraudulent website instead of the genuine links that are displayed. If you see a link in a suspicious email message, don’t click on it. Rest your mouse (but don’t click) on the link to see if the address matches the link typed in the message.

Have a look at the example of a phishing message sent to Trinity users below:

Phishing image

What should I do when I receive a phishing email to my Trinity email account?

See our web page on how to report a phishing email.

What do I do if I think I have responded to a phishing email in Trinity?

Think you know all about Phishing?

Try the following interactive games to test your knowledge

  • Anti-Phishing Phil

http://www.ucl.ac.uk/cert/antiphishing/

  • Dell SonicWALL Phishing IQ Test

http://www.sonicwall.com/furl/phishing/


What is the Phishing Awareness Campaign?

We are working with external partners, Khipu, who provide a Phishing service for organisations. The service is a way of bringing awareness to phishing and its consequences as it provides real-time education. Actual phishing messages can be very sophisticated.

Over the coming months, we will send a variety of different kinds of phishing messages and we will be able to share the results with you as the awareness grows across the University community.

1st Phish Summary Report


Finally remember...

IT Services will never ask for your username and password in any email we send. You can confirm the validity of any communications from us by searching our website www.tcd.ie/itservices or by contacting the IT Service Desk.