October is National Cyber Security Month. Phishing (pronounced "fishing") is a type of online identity theft. It uses email and fraudulent websites that are designed to steal your personal data or information such as credit card numbers, passwords, account data, or other information. A legitimate company will NEVER ask you to send information via email. 



 Beware of Phishing Phil's plots!

  • Misspelled words and bad grammar: Professional companies or organizations usually have a staff of copy editors who will not allow a mass email with such mistakes to go out to their users. If you notice mistakes in an email, it might be a scam.
  • Beware of links in email: If you see a link in a suspicious email message, hover and rest your mouse on the link (but don't click on it) to see if the address matches the link that was typed in the message. Do not trust links that do not take you to the company's real web address.

  • Spoofing popular websites or companies: Scam artists use graphics in email that appear to be connected to legitimate websites but actually take you to phony scam sites. They may also use slightly altered names of companies (e.g. gooogle.com or micrsoft.com) to throw you off.

  • Request for account information: Often cybercriminals will use one or several of the following phrases to prompt you to provide account information, such as your username, password, credit card numbers, etc.

    • Verify your account

    • Update your account

    • During regular account maintenance

  • Threats that require prompt action:  Cybercriminals will often claim that your account will be suspended/deleted if you do not respond with your personal information within some amount of time.



What do you do if you receive a phishing attempt?
  • Never respond or provide any information, regardless of how legitimate the website/email appears.

  • Delete the email from your inbox

  • If you are unsure if the email is a phishing attempt, call the help desk (513-745-4357) BEFORE responding or opening any links/attachments.

 What do you do if you've been scammed?
  • Change all your passwords or PINs on any accounts you think may be compromised. 

  • Report problems with your Xavier account and/or email to the helpdesk (513-745-4357 or helpdesk@xavier.edu)

  • If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.

  • If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.

  • Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.

  • Consider reporting the attack to the police, and file a report with the Federal Trade Commission (http://www.ftc.gov/).

 Content produced in part by US-CERT, http://ics-cert.us-cert.gov/