Summary
Phishing is a serious, persistent, and evolving threat; It's an attempt to acquire confidential information such as account passwords, identification numbers or credit card details by pretending to be a trusted entity in electronic communications including email, texting and instant messaging. This article is for students, faculty, and staff.
Content
Phishing is an attempt to acquire confidential information such as account passwords, identification numbers or credit card details by pretending to be a trusted entity in electronic communications including email, texting and instant messaging. Phishing is dangerous and can lead to financial risk and identity theft. At USNH, 3 to 5 different phishing emails are typically reported by community members, every day!
Spam is a nuisance akin to junkmail sometimes used by legitimate businesses and organizations and is typically not a severe risk for the receiver. Spam from a USNH email account may indicate a user's account or computer has been compromised and should be reported.
Warning signs of phishing
SENSITIVE INFORMATION: Phishing asks you for sensitive information such as your account passwords, Social Security Number, credit card numbers, or UNH ID number. Legitimate businesses and organizations do not request or provide sensitive information via email.
"CLICK HERE": Phishing often presents links or attachments and urges you to click to respond, read information or view pictures. In some cases, just clicking the link or attachment can infect your computer.
FALSE URGENCY: Phishing makes threats such as termination of services if you don't respond immediately . They want you to respond before you think!
UNEXPECTED MESSAGE: Be wary of emails you didn't expect to receive, even those that appear to come from a business you deal with or someone you know.
COPY LEGITIMATE SOURCES: Phishing pretends to be from a trusted source such as USNH, your bank or well-known delivery companies and may include recognizable logos, addresses or names.
ODD GRAMMAR: Phishing may contain odd grammar, misspellings or unusual capitalization. These emails often originate from regions where the writers are not familiar with English.
What should you do?
If you believe you have received a phishing or spam email:
- Go to the USNH Phishbowl to see if it is a known phishing attempt
- Report suspicious email using "Report Message" button in top menu ribbon in Outlook.
- If the button is not available, forward the message manually to: phishing.report@usnh.edu
- Do not respond or reply to the email in any way; replying shows that your email address is real and can lead to further attacks.
- Do not click on any link in a suspicious email; just clicking a link can open your computer to attack from a virus or other malware.
- Do not open or print any attachment to the email; attachments may contain malicious code which can take over your computer.
- Delete an unverified suspicious email and purge from your 'Deleted' mail folder.
- Verify a suspicious email by contacting the sender by phone; use a publicly available number, not any number contained in the email to make the call.
If you suspect you are a victim of phishing:
Additional useful and detailed information on phishing
Video
View our not-so-serious phishing video:
Further Readings
The USNH Phishbowl
Phishing Awareness - USNH Cybersecurity office
Accounts: What should I do if I think my account is compromised?
Outlook: Reporting a Phishing Email with the "Report Message" Button
How to Recognize and Avoid Phishing Scams - U.S. Federal Government
Don't Be A Phish - UNH IT Security on Vimeo
Internet Crime Complaint Center - Federal Bureau of Investigation
Need additional help?
Submit a Request to the Cybersecurity Team
Visit the Technology Help Desk Support page to locate your local campus contact information or to submit an online technology support request. For password issues you must call or visit the Help Desk in person.