How to Recognize Phishing Scams
Social engineering is a way for criminals to gain access to your computer. The purpose of social engineering is usually to secretly install spyware or other malicious software or to trick you into handing over your passwords or other sensitive financial or personal information.
Here are some hints about recognizing phishing messages:
Spelling and bad grammar. Cybercriminals are not known for their grammar and spelling. If you notice mistakes in an email, it might be a scam.
Beware of links in email. If you see a link in a suspicious email message, don't click on it. Rest your mouse (but don't click) on the link to see if the address matches the link that was typed in the message. Links will lead you to a bogus site and request your username or password. The attackers will then use your credentials and the College servers to spam millions of other users worldwide. As a result, email will not flow to College users and we will be blacklisted by many Internet sites. It takes a long time and a great deal of IT resources to clean up this type of activity.
Threats. Have you ever received a threat that your account would be closed if you didn't respond to an email message? Cybercriminals often use threats that your security has been compromised to create panic and get your credentials.
Spoofing popular websites or companies. Scam artists use graphics in email that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows.
Here is an example of a phishing attempt received by Stonehill employees:
Notice how this particular email is spoofing a Stonehill College message to make you think it is legitimate. Many users clicked on the link within the message and provided their Stonehill username and password on a page that "spoofed" our webmail login page. However, most users noticed that this did not look like any communication they've received from the college before and did not click on the link. In the example above, please note the URL at the bottom of the screen that appears when hovering the mouse over the bogus link.
Cybercriminals may use web addresses that resemble the names of well-known resources, such as the webmail login page, but are slightly altered. If you look at the address box within the browser, you will notice that the URL is different. Please be aware that many of the College web resources include 'Stonehill' in the address. For example, webmail.stonehill.edu, myhill.stonehill.edu, www.stonehill.edu or elearn.stonehill.edu. Please check the address for the service before you log in. In the example above, you will see that the arrow is pointing to the address www.abhazdemegi.org, a site that has no affiliation with Stonehill College.
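The hover check and the address check described above can also be run automatically over the HTML body of a message that claims to come from the College. The following is an added example, not code from Stonehill College; the function names, the TRUSTED_DOMAIN setting and the example.net link are assumptions made for illustration. It goes one step beyond the text by also catching an address that contains 'stonehill' but does not end in the College domain.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "stonehill.edu"  # assumption: parent domain of the hosts listed above
# Constructed sample body; only the host names on the first link come from the page.
SAMPLE = ('<a href="http://www.abhazdemegi.org/">https://webmail.stonehill.edu</a>'
          '<a href="https://webmail.stonehill.edu.example.net/">Webmail login</a>')

def host_of(text):
    """Return the lowercase host in a URL-like string, or None if there is none."""
    text = text.strip()
    if not text or any(c.isspace() for c in text):
        return None  # empty, or ordinary link text such as "Webmail login"
    try:
        host = urlsplit(text if "://" in text else "//" + text).hostname
    except ValueError:
        return None
    return host.rstrip(".") if host and "." in host else None

def is_trusted(host):  # label-boundary match, so stonehill.edu.example.net fails
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text))
            self._href = None

def check_links(html_body):
    """Return (target host, outside_domain, text_mismatch) for each suspect link."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, shown in parser.links:
        target, claimed = host_of(href), host_of(shown)
        outside = target is not None and not is_trusted(target)
        mismatch = target is not None and claimed not in (None, target)
        if outside or mismatch:
            findings.append((target, outside, mismatch))
    return findings
```

Calling check_links(SAMPLE) reports both constructed links: the first because the address shown differs from the real target, the second because its host only contains the College domain rather than ending in it.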
Visit this Phishing FAQ page for more information on phishing.
Please note that if you fall prey to a phishing scam and download malicious software onto your computer, the program can:
- Extract sensitive information from your computer
- Record every keystroke you make
- Use your machine as a "slave" and send out virus-infected emails
- Monopolize your processing power
If you are ever in doubt, make sure to call the IT Help Desk, especially in the case of a compromised account or an incident involving sensitive information.