Phishing attacks can come in various forms—emails, texts, or social media messages. Click, respond, or otherwise give your personal information to hacker, and your system, data, and money are in big trouble. A successful phish can even give a bad actor access to Pitt systems and data, potentially risking the whole University and its students, faculty, staff, alumni, and partners! But you can stop phishing attempts before they can do you any harm. Learn to spot the signs of a phishing attack and know what to do if you get one.

Spot the Phishing Bait

A job offer or random giveaway for something free that seem too good to be true. A purchase or shipping confirmation for something you didn’t order. A warning that your email account will be suspended because you have multiple university accounts. A message from a known contact that doesn’t sound like them or asking for something unusual. Phishing attempts can take a lot of forms, but there are some common red flags that can help you spot them:

• Unexpected attachments or links
• Sense of urgency (warnings, close deadlines, or a big impact)
• Asks for sensitive/personal information (especially if the sender should already know it)
• Unusual grammar and spelling errors
• Generic language and greetings, like "Dear customer"
• Public email domain (e.g. Gmail), rather than a business-specific domain
• Sender's email address or web address doesn’t match the usual format for the organization
• Encourages recipients to take a screenshot (knowing that phishing emails are deleted from inboxes once detected)

Avoid Being Reeled In

So you got something that seems a little odd. Trust your gut! Take some steps to confirm whether a suspicious email is a scam or legitimate. Before you respond, click any links, or download any files, verify the sender and the content using trusted, independent resources.

• Jobs or internships should be listed on Handshake or the company’s website. You shouldn’t get an offer or interview request for a position you didn’t apply for.
• Independently log into your account and look for a purchase, message, or other activity to confirm what’s claimed in the email.
• Check other emails from this sender to confirm that the email address or URL match the format they use. Look for small misspellings and random extra characters.
• For an email from or about someone you know, reach out to them directly and ask if they sent the message to you.
• Hover over a link to see if the URL matches the text or leads to a web address that looks appropriate for the sender. Don’t click a short URL or use a QR code when you don’t know who created it.

Toss The Phish Back

If you think you’ve received a phishing email or message, take action immediately. Do not click on any links or download attachments from the suspicious email. Instead, forward the email as an attachment to phish@pitt.edu to report it to Pitt IT. Then delete the email from your inbox once it’s reported.

If you think you mistakenly sent information, clicked a link, or downloaded an attachment from a scammer, take steps to protect yourself:

• Change your password immediately on the affected account(s).
• Contact the Technology Help Desk to alert them of what happened.
• Contact the police if you detect that a crime like theft or fraud has occurred.
• Freeze your credit to prevent identity theft.
• Bring your device to Drop-In Support to have it cleared of malware.
• Monitor your accounts for any unusual activity.
• Update your security settings to add extra protection (like two-factor authentication).

Students: Learn More at Tech Fest

Tech Fest 2024: Trick or Treat for Cybersecurity
Friday, Oct. 25 at 11 a.m. – 2 p.m., William Pitt Union, Lower Lounge

Tech Fest 2024 is the ultimate celebration of all things tech! You’ll learn all about the latest tech solutions for students and cybersecurity best practices on a fun cybersecurity Trick or Treat trail! Whether you’re a tech enthusiast or just curious, pick up candy, snacks, and swag while connecting with the Tech Ambassadors and experts from Pitt IT, Pitt Police, the Career Center, and the Financial Wellness Center.