Skip to main content

SecureIT

Be cautious of links in emails requesting you to enter your credentials on a separate website. eight-bit sparty

Phishing

Have you been phished?  

  • Forward all suspicious emails received in your MSU email account to abuse@msu.edu
  • Consider the information that is now compromised and take any precautions necessary to keep that data from being immediately used against you (e.g., pause credit cards/payment processing accounts and reset your passwords). 
  • Visit identitytheft.gov and follow the outlined steps (as applicable to your situation) to ensure your identity and accounts are not further compromised. 

What is phishing? 

Pphishing is a scam that typically involves email messages that are designed to appear from a trusted source in order to persuade you to provide sensitive information. 

Why is this important?  

A phishing attempt can be successful if it collects even some seemingly harmless information, providing a malicious actor the means to eventually gain access to your sensitive data. Malicious actors often use this information to cause harm financially and professionally, and may use it to steal your identity. In the U.S., identity theft costs an estimated $43 billion in recent years, including 100,000 people reporting a loss of $10,000 or more. This sensitive data can include:  

  • Bank account and/or credit card numbers  
  • Passwords (especially ones you’ve used in multiple places) 
  • Personal identifiable information (such as your birth date, address, full name, the last four numbers of your social security number, etc.) 
  • User ID to important systems (such as msu.edu, Google, Apple, etc.) 

How do I identify phishing attempts?  

Successful phishing attacks use a number of tricks to get their target to click a link before they think. It is advised to practice taking time to pause to carefully review messages before you act, similar to answering a phone call or your doorbell. 

Whether it's a voice, text, or email message, verify the sender. Review the name, picture, and source address (as applicable) and ensure you know this sender and consider whether you typically receive communications from them. In the case of emails, hover your mouse over any links and ensure the target URL (displayed in the lower left corner while hovering) is one that you know and trust. 

If the message appears to be from a trustworthy person or organization, reach out to the sender via a known, trusted line of communication other than responding to or using links within the message in question (like looking up their phone number directly through their website). 

As you examine the message, look out for these key elements of a well-crafted phishing attempt: 

  • Authority: Phishers often impersonate well-known organizations or individuals to gain your trust. They may use logos, email addresses, or website designs that closely resemble those of legitimate entities. 
  • Urgency: Phishing messages often create a real sense of false urgency to pressure you into acting quickly without thinking. They may claim your account is compromised, a payment is overdue, an erroneous charge was made, or an exclusive offer is expiring. 
  • Community: Phishing attempts may exploit your sense of community by mentioning shared interests, recent events, or mutual acquaintances. They may appear to come from a friend, colleague, or online group.
  • Curiosity: Phishers may use intriguing subject lines, unexpected news, or personalized details to entice you to open the message or click a link.
  • Promises: Some phishing attacks may promise lottery winnings, tax refunds, or investment opportunities that are too good to be true.

I found a phishing email but I didn’t click on anything. What do I do?  

Forward your message to abuse@msu.edu, specifying that you didn’t click on any links or open any attachments.

I got phished! What do I do?  

Forward the message to abuse@msu.edu, specifying that you have been phished. They will advise you on the best course of action.  

If you think you’ve compromised your account...

  • Immediately change your password
    • For MSU accounts, you can do this at netid.msu.edu
    • If you need further assistance, call the MSU IT Service Desk at (517) 432-6200.  
  • If your account is not MSU affiliated, contact the company so that they can advise you on the best course of action.

Stay vigilant and cautious of unsolicited messages, and always verify the authenticity of requests for personal information. By understanding the tactics of phishers and adopting safe online practices, you can protect personal or institutional data.