Phishing Awareness

Please review our tips below to protect yourself against phishing attempts.

What is phishing?

  • Phishing is a common attack where a hacker attempts to acquire sensitive information, such as usernames, passwords, and credit card details, by masquerading as a trustworthy entity.  Phishing attempts often look authentic, seeming to come from a legitimate business or individual. They frequently urge you to act quickly, warn you of a compromised account, or ask for additional information before fulfilling an online order.  

    Phishing scams vary widely in terms of their complexity, the quality of the forgery, and the attacker's objective. Several distinct types of phishing have emerged.

    Spear phishing

    Phishing attacks directed at specific individuals, roles, or organizations are referred to as "spear phishing". Since these attacks are so pointed, attackers may go to great lengths to gather specific personal or institutional information in the hope of making the attack more believable and increasing the likelihood of its success.

    The best defense against spear phishing is to carefully, securely discard information (i.e., using a cross-cut shredder) that could be used in such an attack. Further, be aware of data that may be relatively easily obtainable (e.g., your title at work, your favorite places, or where you bank), and think before acting on seemingly random requests via email or phone.


    The term "whaling" is used to describe phishing attacks (usually spear phishing) directed specifically at executive officers or other high-profile targets within a business, government, or other organization.

Be wary of emails asking for confidential information.

  • Legitimate organizations will never request sensitive information via email. Never submit confidential information via forms embedded within email messages.

Watch out for generic-looking requests for information.

  • Fraudulent emails are often not personalized, while authentic emails from your bank often reference an account you have with them.

Do not click on links within an email message that looks suspicious.

  • Phishing emails usually contain a link to a web page that looks similar to the login page for a service.  Once you try to log in with your username and password, the spammers have your credentials and start using them it to phish information from others.

Is that web site legitimate?

  • Don't be fooled by a site that looks real. It's easy for phishers to create web sites that look like the genuine sites, complete with the logos and other graphics of a trusted web site.
  • If you're at all unsure about a web site, do not log in. The safest thing to do is to close and then reopen your browser, and then type the URL into your browser's Address bar. Typing the correct URL is the best way to be sure you're not redirected to a spoofed site.

Learn to analyze a web address.

  • Just because the address looks OK, don't assume you're on a legitimate site. Look in your browser's Address bar for these signs that you may be on a phishing site.
  • Often the web address of a phishing site looks correct, but actually contains a common misspelling of the company name or a character or symbol before or after the company name.

Use myHill Quicklinks or your own browser bookmarks (favorites).

  • Use the myHill QuickLinks to gain safe access to online services that Stonehill College provides to its students, faculty and staff.  Some of the links will provide the legitimate login pages while other services use a single-sign on which will bring you directly to the service without asking for your username or password.

Don’t get pressured into providing sensitive information.

  • Phishers like to use scare tactics, and may threaten to disable an account or delay services until you update certain information. Be sure to contact the IT Service Desk or the merchant directly to confirm the authenticity of the request. Remember, Stonehill employees, including employees from the Information Technology department, will never ask you for your user ID and password. 

Legitimate messages will not be quarantined.

  • All legitimate messages from Stonehill College will be delivered to your inbox. Under no circumstances will a Stonehill message ever be caught by the SPAM filter.  If a message that claims to come from is caught in the SPAM filter and you see it listed in your Spam Notification email, DO NOT release it to your inbox. Simply delete the Spam Notification message and the phishing attempt will never reach your inbox.

When in doubt, change your password.

  • If you think your user name and password have been compromised, change your password immediately.  This is extremely important.  Change it even if there is a small chance that the site you just logged into with your Stonehill credentials might be trap!
  • As a reminder, the safest way to access the password service is to type the address for myHill ( into a web browser, log in to myHill, and click on Password Service in the Quicklinks channel.

If you receive a questionable message, contact the IT Service Desk.

If you have any questions or concerns about an email message that looks fake or questionable, PLEASE contact the IT Service Desk at 508-565-4357 (HELP) or email for assistance.