Phishing and Scams

Phishing

Phishing is when someone tries to illegitimately get your information from you. This information could be your username and password, personal financial information like your debit card number, or anything else that might be useful to someone who wants to assume your identity. Most of the time this is done through email where the scam artist will pose as someone you trust such as your bank, insurance agent, facebook, or even a representative of Emory.

Sidenote: No Emory employee, even from IT, will ask you for your user ID and password. Anyone who claims to be an Emory employee that needs your password is trying to scam you.

They will then try to get you to send them your information or follow a link to a website they've created and enter your information there.

How to avoid getting phished or otherwise scammed

  • Examine the email address of the sender. Most of the time it will be an incorrect name/address of a real organization. E.G.: Micosoft, gmaiil, emory@yahoo.com
  • Examine the link the email tells you to click. If you hover your mouse over the link instead of clicking, most email programs should show the actual address it links to. If it appears to link to a different site from which it claims to be, this is a major red flag.
  • If you think there is any chance your password and/or user ID have been compromised, change your password immediately.
    • Emory Healthcare: Go to the password reset tool, located on the Emory Healthcare intranet (www.ourehc.org) under the Quick Links section.
    • Emory University: Visit enid.emory.edu/myaccount. Login and select the “Passwords” link.

Learn More About Phishing The following websites contain more information about phishing scams and how not to fall victim

Sophos Best Practices - Phishing

Federal Trade Commission - How not to get hooked by phishing

US CERT - Avoiding social engineering and phishing attacks

Anti-phishing Working Group education page