March 2025
ITS Information Security: Understanding and Preventing Phishing Attacks
Phishing is a form of cyberattack where malicious actors impersonate legitimate entities to deceive individuals into divulging sensitive information such as passwords, financial details, and personal data. These fraudulent attempts typically occur through emails, text messages, phone calls, and malicious websites. Phishing attacks continue to evolve, making it crucial for individuals and organizations to recognize the warning signs and implement robust security measures to mitigate risks. Review the ITS Information Security web page and the ITS Phish Tank to learn more about cybersecurity and phishing attacks, so you are well prepared, informed, and not duped. And before you do anything, always back up your work so you do not lose it.
Types of Phishing Attacks
Phishing comes in various forms, each with distinct tactics designed to exploit human vulnerabilities. The most common types include:
- Artificial Intelligence (AI): Be aware that AI-powered phishing can generate highly convincing messages, making it harder to distinguish real from fake.
- Email Phishing: Attackers send deceptive emails that appear to come from reputable sources, often urging recipients to click on malicious links or download harmful attachments.
- Spear Phishing: This targeted attack is personalized for specific individuals or organizations, making it harder to detect.
- Whaling: A form of spear phishing that targets high-profile individuals such as executives and government officials.
- Smishing (SMS Phishing): Fraudulent messages sent via text messages to trick users into sharing personal information.
- Vishing (Voice Phishing): Cybercriminals use phone calls to impersonate legitimate authorities, such as banks or tech support, to extract sensitive data.
- Clone Phishing: Attackers duplicate legitimate emails, replacing the original content with malicious links or attachments.
Recognizing Phishing Attempts
If you receive an email asking for sensitive information, don't reply directly. Instead, contact the organization using a phone number or website you know is legitimate. Some of these frauds are so believable that it's very tempting to reply without thinking. To avoid falling victim to phishing scams, individuals should be aware of these common RED FLAGS:
- Faking or Pretending: Messages that pretend to come from, or urge you to reach out to, someone important in your organization.
- Urgency or Threats: Messages pressuring immediate action to avoid consequences.
- Generic Greetings: Non-personalized emails that address users as "Dear Customer" instead of by name.
- Suspicious Links and Attachments: Hover over links to check their actual URL before clicking.
- Poor Grammar and Spelling Errors: Legitimate organizations maintain professional communication standards.
- Unusual Sender Addresses: Check the sender's email domain for inconsistencies. If the message comes from a Gmail address or another address you do not recognize, report it as spam.
Preventing Phishing Attacks
- Verify Before Sharing Information: Never disclose personal or financial information in response to unsolicited requests.
- Enable Multi-Factor Authentication (MFA): Adding an extra layer of security makes it harder for attackers to access accounts.
- Use Strong Passwords: Regularly update passwords and use a password manager for enhanced security.
- Keep Software Updated: Regular updates ensure vulnerabilities are patched, reducing the risk of exploitation.
- Be Wary of Unsolicited Requests: Always verify requests for sensitive information by directly contacting the organization through official channels.
- Educate Employees and Users: Conduct regular cybersecurity awareness training to help individuals recognize and respond to phishing threats.
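Several of the red flags listed above (a sender address that does not match the organization the display name claims, a link whose visible text differs from its real destination, a generic greeting, urgent threats) can be checked mechanically before a person ever reads the message. The script below is an added example, not code from the ITS page; it assumes binghamton.edu is the organization's own mail domain and runs over two constructed sample messages, one phishing attempt and one legitimate notice.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"binghamton.edu"}   # the organization's own mail domain (assumed)
PHRASES = {  # red-flag category -> phrases in the body that trigger it
    "urgency or threats": ("immediately", "urgent", "within 24 hours", "will be suspended"),
    "generic greeting": ("dear customer", "dear user", "dear account holder"),
}
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def registered_domain(url_or_host):
    """'https://login.example.com/x' -> 'example.com' (naive last-two-labels rule)."""
    s = url_or_host if "://" in url_or_host else "http://" + url_or_host
    return ".".join((urlparse(s).hostname or "").lower().split(".")[-2:])

def red_flags(raw_email):
    """Return the set of red-flag categories this message triggers."""
    msg = message_from_string(raw_email)
    display_name, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    body = msg.get_payload()
    text = re.sub(r"<[^>]+>", " ", body).lower()   # body with HTML tags stripped
    flags = set()
    # Unusual sender: display name claims the organization, but the address is Gmail or another outside domain
    claims_org = any(d.split(".")[0] in display_name.lower() for d in TRUSTED_DOMAINS)
    if claims_org and sender_domain not in TRUSTED_DOMAINS:
        flags.add("unusual sender address")
    # Suspicious link: the visible text looks like a URL, but the href points somewhere else
    for href, shown in ((h, s.strip()) for h, s in ANCHOR.findall(body)):
        if re.match(r"(https?://|www\.)", shown) and registered_domain(shown) != registered_domain(href):
            flags.add("suspicious link")
    for category, phrases in PHRASES.items():
        if any(p in text for p in phrases):
            flags.add(category)
    return flags

# Constructed sample messages (not real mail): one phishing attempt, one legitimate notice
PHISH = """\
From: "Binghamton ITS Help Desk" <its-helpdesk@gmail.com>

<p>Dear Customer,</p><p>Your mailbox will be suspended within 24 hours unless you verify at
<a href="https://binghamton.edu.account-verify.net/login">https://www.binghamton.edu/password</a></p>
"""
LEGIT = """\
From: "ITS Help Desk" <helpdesk@binghamton.edu>

<p>Hello Alex,</p><p>Details are at <a href="https://www.binghamton.edu/its">https://www.binghamton.edu/its</a>.</p>
"""
```

The phishing sample trips all four checks, while the legitimate notice trips none; the heuristics are deliberately simple and are meant to prioritize what a person reviews, not to replace the "hover before you click" habit.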
Reporting Phishing Incidents
If you suspect a phishing attempt, or think you may have fallen for one, follow these steps immediately:
- Do Not Click: Avoid clicking on any suspicious links or downloading attachments.
- Report to Authorities: Use in-platform reporting features, such as Gmail's "Report Phishing" button, or forward the message to your security team (e.g., security@binghamton.edu) or contact the Help Desk.
- Notify Your IT Department: Organizations should report phishing attempts to their internal IT security teams to prevent potential breaches.
- Change Compromised Credentials: If you suspect an account has been compromised, update passwords immediately.
Conclusion
Phishing remains one of the most prevalent cybersecurity threats, affecting individuals and organizations worldwide. By recognizing warning signs, implementing security best practices, and educating users, the risks of phishing attacks can be significantly reduced. Staying vigilant and proactive is key to ensuring cybersecurity in an increasingly digital world.
ITS Info Sec is working its hardest to keep Binghamton University secure. If you have any questions or issues about information security, or about phishing scams in particular, please review our website and then contact our Help Desk and/or email security@binghamton.edu.