This October marks the 15th annual National Cybersecurity Awareness Month. Pitt Information Technology is pleased to join this collaborative effort between government and industry by providing the University community with resources to stay safer and more secure online. Because Pitt is often the target of phishing—due to the vast amount of data housed across the University—we’re kicking off the month with advice on avoiding such scams.
What is a Phishing Scam?
A phishing scam is a fraudulent email message from someone impersonating a legitimate organization or individual. It’s designed to trick the recipient into downloading harmful attachments or sharing personal information with the sender. Scammers will often try to extract card payment data or, like the example below, your login information.
In recent months, fraudsters have sent messages to Pitt recipients claiming that you’ve run out of email storage space, that your library account is expiring, and that a display error requires you to click a link to read the full message. Another scam related to payroll even caught the attention of the Pittsburgh Post-Gazette.
The email claiming that you ran out of email storage contained a link that appeared to lead you to the Pitt Passport login page. It read something like this:
Your out of storage limit and most of your outgoing mail(s) has been placed on hold. To continue sending and receiving mail(s), kindly follow the link below to upgrade your mailbox disk free.
In actuality, the email was a phishing scam sent to Pitt students, faculty, and staff last spring. The link did not send you to the official Pitt Passport page but to a malicious site intended to extract your username and password.
Don’t Take the Bait
Legitimate companies will never ask you for sensitive data such as your password or Social Security number. Phishing scams will not only ask for this information, but will also invoke strong emotions of fear or anxiety to convince you to hand it over.
Andy Seitz, senior security engineer for Pitt Information Technology, advises everyone to think about the email they are reading before clicking on any links it contains. An email containing a link or attachment could be a scam.
“Think about what the email is trying to make you do. Scammers will often try to induce fear in you, scare you, promise you money, or try to pique your curiosity,” said Seitz. “Ask yourself, ‘Was I expecting to receive this message? Is it from someone I know?’ If not, it is most likely from a malicious source.”
Doing Your Part
If you receive an email that you suspect is a phishing scam, forward it to email@example.com. Reports from users are the best way for the security team to find out about these types of suspicious emails.
Want to test your ability to spot phishing scams? Take the “Stop. Think. Click” quiz provided by the FCC to see if you “take the bait—or live to swim another day.”
For more information on spotting and reporting phishing scams, visit https://bit.ly/2NlRmIS.