About Phishing Attacks
- Timothy Pinkham
- Former user (Deleted)
Introduction
This page explains what phishing scams are, and how they work.
Here is a sample phishing email:
To learn how to protect yourself from phishing attacks, see Protect Yourself from Phishing Attacks.
Phishing Defined
"Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication." (Source: Wikipedia)
How Phishing Scams Work
Many Biola email accounts have been compromised by phishing emails. These email messages attempt to steal NetID passwords by tricking you into clicking a link that redirects to a fake login page. Once you’ve signed in, they have your credentials, which they use to steal additional information or send more phishing emails from your account.
The Difficulty of Combating Phishing
There are two main reasons phishing attacks are so difficult to stop:
Phishing email at Biola is coming from legitimate email accounts that were compromised when a Biola community member was fooled into handing over their username and password. It can’t be detected and flagged automatically using standard tools because unlike traditional spam, which is easily identified by where it originates, or the bogus accounts used to send it, phishing email comes from valid biola.edu addresses.
- Biola students and alumni, who tend to be most vulnerable to these schemes, are also the most numerous types of accounts in our Google Apps domain. If even a small fraction of these fall for the scam, this can have a significant effect on the broader community.