Toggle navigation
Additional Navigation

National Cybersecurity Awareness Month: Phishing

As part one of the National Cybersecurity Awareness Month series, Campus Technology Services (CTS) is covering phishing, how to spot it, what to do if you believe you are being phished and how phishing is evolving. 

Phishing is a type of attack where a malicious email or text message is sent to try and trick the recipient into installing malicious software or providing sensitive information such as passwords or credit card numbers to a malicious group. Sometimes phishing emails will be highly personalized in a type of attack known as spear phishing. Spear phishing has evolved over the last year with the rise of artificial intelligence (AI). By using AI to craft phishing emails, malicious senders can make them look more professional and official to trick people into interacting with them. Because of this, it’s more important than ever to show scrutiny if you encounter a message that seems unusual.

Below are several things you can do to protect yourself from phishing.

  • Always check the address of who sent you the message, not just their name. The name may be someone you trust but the address won’t match. An example of how a phish would appear in Gmail is “Trusted Person <badguy@phish.bad>
  • Phishing can be conducted over SMS text messages in a practice known as Smishing. If you receive a text message on your phone from an unknown number or the text contains links, be careful. You should only interact with texts like this if you can verify the sender. 
  • Hover over links in emails before you click them to verify they are trustworthy websites.
  • Treat unexpected attachments and requests for sensitive information as suspicious.
  • Check messages for inconsistencies. Examples of this would be emails sent at strange times, the name/organization of the sender not matching their address and signature, and emails that are tagged by Gmail as being external.
  • Ask yourself why you are receiving a message. Does it make sense for the sender to be contacting you? Is what they’re asking for something that makes sense to provide?

If you believe you are the target of phishing, please mark the message as a phish in Gmail and report the email to the CTS Help Desk at help@oswego.edu

For more information about phishing, please visit both the CTS phishing page on the CTS cybersecurity website and this LinkedIn Learning course: Cybersecurity Awareness: Phishing Attacks.

-- Submitted by Campus Technology Services