The start of the semester, long holiday breaks and tax season are prime time for phishing scams. The flurry of back-to-campus events, assignments and emails can be overwhelming, and the worry of missing something can lead to accidentally clicking through a phishing email. The Office of Information Security in the Office of Technology Services (OTS) reminds the campus to be aware of phishing emails sent to TU email accounts, and recommends keeping these resources for help with identifying and reporting phishing.
What is Phishing?
Phishing is an email scam designed trick you into providing sensitive information such as usernames, passwords or credit card numbers, or opening an attachment that installs malware on your computer or device.
It’s not always easy to spot phishing attempts, especially when they appear to be legit. These characteristics are red flags, and the email in question should be treated as suspicious when they are present:
- Request for username and passwords-especially for NetIDs. No one at TU will send an email asking for your username and password. And no one will ever ask for your password.
- References to the IT department or IT service. The technology office at Towson University never refers to itself in writing as “IT” – always look for “The Office of Technology Services” or “OTS” in communications.
- Obvious spelling mistakes and bad grammar. Emails sent from TU departments and offices are almost always reviewed and spell-checked prior to distribution.
- Unfamiliar links in the body of the email. Don’t click – hover over the linked text to check the actual web address.
Attachments that are “.exe” files. Opening these can launch and spread malicious software.
- Unknown sender, or an email from an unsolicited source. If it isn’t from an @towson.edu address, call the sender to confirm.
- Storage Space/account threats or urgent messages waiting. Look up the sender in the TU directory (not a number provided in the email) and call to confirm, or contact OTS at 410-704-5151.
I’ve received a suspicious email-now what?
- Do not reply, click on any links, or open any attached files.
- Forward the suspicious email to firstname.lastname@example.org, then delete.
- If you are concerned that your information or device may have been compromised, contact OTS at 410-704-5151 or submit a TechHelp service request.
Learn more at www.towson.edu/phishing.