Important to know:
Trinity College or any reputable organization will never ask for your passwords in an email or phone call.

Cybercriminals Like to Phish but Don’t Take the Bait

Phishing – when a cybercriminal poses as a legitimate party in hopes of getting individuals to engage with malicious content or links – remains one of the most popular tactics among cybercriminals today. Phishing is an attack carried out to steal usernames, passwords, credit card information, Social Security numbers, and/or other sensitive data. Phishing is most often seen in the form of malicious emails pretending to be from credible sources like people, departments, or organizations related to the college. However, while phishing has gotten more sophisticated, keeping an eye out for typos, poor graphics, and other suspicious characteristics can be a telltale sign that the content is potentially coming from a phish.

 What is phishing?

Phishing is a type of electronic scam. Cybercriminals use deceptive tactics to manipulate people into doing what they want, intending to steal information and money. They use phishing because, unfortunately, it’s easy to do and often effective.

The tactics used, sometimes called “social engineering,” is the foundation of all phishing scams conducted through emails, text messages, and cell phone calls. As technology becomes more advanced, so do cybercriminals’ tactics.

How to Protect Yourself From Phishing Scams

Reputable businesses, banks, websites, and other entities won’t ask you to submit personal information online. If you receive such a request and aren’t sure if it is legitimate, contact the sender by phone to see if the company sent the email.

Some phishing attempts are amateurish and filled with broken grammar and misspellings, so they are easy to spot. However, some contain identical copies of familiar websites, such as your bank’s, to lull you into complying with the request for information.

Common sense safety steps include:

  • Don’t reply to an email that asks for personal information.
  • Don’t open or download files attached to suspicious emails.
  • Don’t click any links that appear in the email.
  • Search the web for the email subject line. If it is a hoax, other people may have reported it.

Be particularly suspicious of emails with subject lines and content that include:

  • A request to verify your account immediately or the sender will close it
  • An offer of a large sum of money in exchange for your account information
  • An announcement that you’re the big winner in a lottery you don’t remember entering
  • A request for emergency financial help from a friend who is supposedly on vacation
  • A threat of bad luck if you don’t reply
  • A notification that your credit card has been hacked
  • A request to forward the email to receive $500

I’m still not sure if it’s a legitimate message or a phish. What should I do?

You don’t have to be an expert. If something seems suspicious, it probably is. For college-related messages, forward emails using the report phishing email client add-in or by contacting the Information Security office, and we’ll look into it for you.

For suspicious messages sent to your personal account, do your research to see if the message is legitimate:

  • Contact known persons or companies directly.
  • If the sender is unknown, see if the organization actually exists and call them directly.
  • Consider ignoring and deleting the message.

What should I do if I opened a suspicious link or attachment or inadvertently share sensitive information?

Immediately report it as a possible incident. Visit the Report an Incident web page to learn more.

Learn More:

Protect yourself from phishing; learn to spot a phishing message with Microsoft

Top News on Email Scams, Spoofing, and Phishing