BE AWARE: Phishing is on the rise at BYU-Idaho. Therefore, it is vitally important that you familiarize yourself with the signs of phishing so that you can be prepared to spot and avoid it when/if a phishing message lands in your inbox. 


Phishing is a scam in which an email is sent claiming to be from a legitimate source. These emails ask for personal information (card numbers, Social Security numbers, etc), which, if given, can be used by cybercriminals to access your bank accounts and wreak financial havoc. These used to be computer-specific threats, but the rise of smartphones, tablets, and mobile applications has brought this threat to mobile users as well. In fact, some say that mobile users are three times more likely to be victimized by a phishing scam than standard computer users.

Keep an eye out for these signs of phishing:

  1. Be wary of any email that claims your information has been compromised, or that demands you respond to the sender with personal information such as your bank information or Social Security number. No legitimate source will ask for this information via email. In fact, most legitimate sources will not ask for it at all.
  2. If an email offer seems “too good to be true,” chances are it is. Ignore emails that offer extravagant prizes for seemingly no reason, tell you you’ve won a contest you never entered, or that claim to be offering you large sums of money. These are always scams.
  3. Be wary of any emails that come from unfamiliar addresses! If you don’t recognize the entity sending you the email, chances are the email (and what’s hiding within it) are things you could gladly live without.
  4. Keep an eye out for spelling or grammar mistakes. For example, an email might claim to be from eBay and refer to you as a “costumer” instead of a “customer.” Real emails from legitimate companies will not have errors such as these.
  5. Phishing emails will often tell you that “direct action” is required on an account, and to “click this link” to perform that action. Chances are good that this is false, and in any case, you should never click links offered to you like this. If you’re worried that the email might be legitimate, log into the account in question, verify the legitimacy of the email, and (if needed) perform the requested actions directly from that account.

TECHNOLOGY TODAY: FEBRUARY 2017 This seems phishy: Over the last few months, the Email team has been dedicated to meeting the challenges presented by malicious emails. Their activity has been directed toward four specific criteria: 1. Building awareness and communication around malicious attacks, specifically phishing scams. Learn more about how to protect yourself from phishing scams by reading the infographic below. 2. Proactively deleting phishing emails. The Email team’s efforts have protected hundreds from stumbling across, or falling victim to, a possible scam. 3. Significantly increasing training for the Email team’s staff, the BSC, and others. To learn more about preventing further spreading of malicious emails, consult Knowledge Base articles that address the prevention and recovery processes. 4. Ongoing planning, evaluation, and strategy on how to prevent malicious attacks. Meet the Email Team: Tony Derricott, Adam Gehring, DJ Lim, Jordan Hatch, David Labaccaro. DID YOU KNOW? In the most recent phishing attack, the Email team was proactively and diligently working to delete 1,588 items from over 124,943 mailboxes. The Email team uses Exchange Online Protection, a cloud-based email filtering program, to actively search for possible phishing scams. On the info graphic, there is then display six tips: AVOID MYSTERY SENDERS: Do you know If not, don’t open anything they’ve sent you. Don’t open emails from people you don’t know. DON'T OPEN "IMPORTANT" DOCS: Refrain from opening any attachments from an unknown sender. LOOK FOR FALSE IDENTITIES: If you are not sure an email you received is legitimate, one way to check is to look at the spelling and spot key mistakes. BEWARE IF EMAILS TRY TO ELICIT PERSONAL INFO: Be wary of any email that claims your information has been compromised and requires you to reveal sensitive information. No legitimate source would ask for account information  via email. IGNORE FALSE LINKS: If an email offer seems  “too good to be true,” chances are it is.  In any case, you should never click links offered to you in suspicious emails. TOO CLOSE TO CALL: Be cautious. Phishing emails are becoming more and more advanced. Cybercriminals are known for utilizing a known or credible email address to distribute their phishing messages.