Phishing is a type of email scam where the attacker sends emails that impersonate a company (often financial), a service desk, an employer, or someone that you already know and trust. The goal is to:
- steal personal information by tricking you into entering your username and password, PIN, or other sensitive information.
- install malware or viruses on your computer that can record keystrokes, capture saved or stored information, or destroy files.
For example, Columbia students, faculty and staff may receive emails that appear to come from trusted sources like "CUIT Service Desk," "MyColumbia," or "President Bollinger," with a link to a website where you are asked to enter your username and password to "verify your account" (see "How to spot a fake Columbia CAS login page," below.)
How to Handle a Phishing Message:
1. Identify the email as suspicious.
Phishing messages usually have one or more of the following:
- Spelling or grammatical errors. These should be immediate red flags.
- Heightened urgency. Phishing attempts often try to get you to respond before you have a chance to think.
- Generic signatures. A signature line with "Service Desk" or "Administration" rather than a University official whose name you can verify.
- Requests for personal information. A request for personal information from contacts you did not initiate.
2. If you think it's suspicious, report it:
3. If you already clicked on a phishing link or have entered your information on a suspicious site: