Body
What is Phishing?
Phishing is a fraudulent activity of sending emails posing as a legitimate person or company in order to obtain sensitive information such as usernames, passwords, credit cards, and gift cards . They send out e-mails which appear to come from legitimate websites such as banking institutions, corporations, or even Columbus State. The emails may state your information needs updated or validated and asks that you enter your username and password (and possibly additional personal information).
Jump to the section below: What to do if you are a victim of phishing
Columbus State will never ask you to:
- enter your login credentials
- validate or verify that you need an account
Red flags of phishing
Phishing emails contain subtle clues (or red flags) that legitimate emails don't have. These red flags can help you spot a phishing attempt and avoid becoming a victim:
- Email address - Names are easy to fake, always confirm the email address is really from that person.
- Subject line - if the subject starts with [EXTERNAL], it is NOT from a CSCC email address. Not all external emails are scams, but if the person's name matches someone at Columbus State, it should not be flagged as [External] and the email should end in @cscc.edu.
- Generic salutation - watch for a generic salutation such as "Dear customer" or "Dear employee" instead of your name.
- Urgency - phishing emails try to create a feeling of urgency so you act before you think, so you miss the red flags.
- Poorly written - watch for misspellings, poor grammar, and punctuation errors.
- Account verification request - legitimate organizations will never reach out to you to verify your account with them.
- Link or button - links can easily route you to different websites than they claim to. Never click links unless you can confirm the sender's identity.
- Attachments - any attachments can contain malware, and opening it can install the malware on your computer where it can wreak havoc on your computer or even your organization's entire network. Never open attachments unless you can confirm the sender's identity.
- Contact information - watch for strange or generic information in a signature. Legitimate organizations want you to be able to contact them, if necessary.
If you receive a suspicious email, don't click any links. Report it to the Information Security Office at Columbus State to investigate by forwarding it as an attachment to: abuse@cscc.edu
Learn more with short videos
Learn more about phishing & scams, password best practices, malware dangers, and more by watching short awareness videos:
What to do if you are a victim of Phishing
Steps to take iāāāāf you believe you have entered personal information (password, secret question answers) into a phishing site:
- Change your compromised information immediately by going to password.cscc.edu and clicking Change My Password
Compromised information may include:
- Password
- Secret questions / Answers
- Report the email for further investigation by forwarding it as an attachment to: abuse@cscc.edu