Phishing is an attempt to use electronic communications to fraudulently gain access to user information. A phishing email may ask for personal information, such as your password. You should never provide sensitive information by replying to the message or clicking on links within the message.
Spear phishing attacks are more targeted than general phishing attempts. They use information specific to the recipient, for example, the sender might appear to be your boss, or the message indicates an emergency in your location. They rely on social engineering, employing methods that elicit a "fight or flight" response under pressure. When the message evokes concern or anxiety, combined with the apparent need for an immediate reply, it can be difficult to discern that the message is a cyberattack. There is no perfect technical solution for this problem; instead it requires each email recipient to participate in the solution by not providing the confidential or financial items requested.
WPI community members can report suspected phishing email attempts to ITS for investigation. Including the email as an attachment and the email headers helps us quickly identify and track the source of the message.
Report phishing as follows:
- Create new email message.
- Attach a copy of the suspicious email to the new message (see Actions). The attachment also contains the headers of phishing email, so there is no need to send separately.
- Send to email@example.com.
- Delete suspected phishing email message.