Phishing - Don't Take the Bait!
Cybercriminals know the best tried-and-true strategy for gaining access to your sensitive information and data. In most cases, it doesn’t involve using sophisticated tools to hack into your computer. Instead, they simply try to trick you. This is called a social engineering attack.
According to IBM’s 2014 Cyber Security Intelligence Index, human error is a factor in 95 percent of security incidents. Following are a few ways to identify various types of social engineering attacks and their telltale signs.
- Know the signs. Does the e-mail contain a vague salutation, spelling or grammatical errors, an urgent request, a threat that your account will be suspended and/or an offer that seems impossibly good? Click that delete button.
- Verify the sender. Check the sender’s e-mail address to make sure it’s legitimate. If it appears “Help Desk” is asking you to click on a link to increase your mailbox quota, but the sender is “HelpDesk@yahoo.com,” it’s a phishing message.
- Don’t be duped by aesthetics. Phishing e-mails often contain convincing company or institution logos, links to actual websites, legitimate phone numbers, and e-mail signatures of actual employees. However, if the message is urging you to take action — especially action such as sending sensitive information, clicking on a link, or downloading an attachment — exercise caution and look for other telltale signs of phishing attacks. Don’t hesitate to contact the company or institution directly; they can verify legitimacy and may not even be aware that their name is being used for fraud.
- Never, ever share your password. Did we say never? Yup, we mean never. Your password is the key to your identity, your data, and your classmates’ and colleagues’ data. It is for your eyes only. Neither the IT Service Desk nor anyone in IT Services will ever ask you for your password.
- Avoid opening links and attachments from unknown senders. Get into the habit of typing known URLs into your browser. Don’t open attachments unless you’re expecting a file from someone. Give them a call if you’re suspicious.
- When you’re not sure, call to verify. Let’s say you receive an e-mail claiming to be from someone you know — a friend, colleague, or even the President of Saint Mary’s College. Cybercriminals often spoof addresses to convince you, then request that you perform an action such as transferring funds or providing sensitive information. If something seems off about the e-mail, call the person who “sent” it at a known number to confirm the request.
- Phishing isn’t relegated to just e-mail! Cybercriminals will also launch phishing attacks through phone calls, text messages, or other online messaging applications. Don’t know the sender or caller? Seem too good to be true? It’s probably a phishing attack.
by Andrew Mantuano
c. 2017 Educause