Phishing attacks steal personal information by baiting you into doing something, like clicking a link or entering your username and password. Phishing comes in many forms—emails, texts and phone calls to name a few. Phishing attempts may look like they are from Florida State University—often IT Services or professors—but don't take the bait!
Spear phishing is a well-researched and targeted attack. These messages often appear as an email from a trusted person or entity and may include personal details about the victim to make the email seem believable.
Vishing is an attempt to steal information via a phone call or voicemail and is often a prerecorded message. These calls pretend to be from a reputable company and may even spoof the caller ID to look legit. Common vishing scams include tax scams and unsolicited loan offers.
Smishing is like phishing, but instead of being targeted over email, the attacks come as texts or direct messages over social media. These attacks can be very convincing and range from bank notifications to package shipping updates.
A whaling attack is a method cybercriminals use to masquerade as a senior player at an organization and directly target other VIPs within the organization. These scams use a "big fish" to reel you in. The aim is to steal money or sensitive information or gain access to computer systems at an elevated level for criminal purposes.
Does something look a bit off? If you click a link in an email, pay attention to the page you land on. Scam artists often spoof trusted websites, making their phony site look very similar to the real thing. Pay particular attention to the URL; if it is anything other than expected, close the page immediately.
Think before clicking email and website links, and never click a link that looks suspicious
Before clicking, hover over or long tap a link to display the actual URL and see if it is linking to a reputable website
Instead of clicking, type website addresses in your browser to access sites directly
Be skeptical of messages that require "immediate action" or threaten you will lose something
Do not open attachments you are not expecting, especially ZIP files, and never run .EXE files
Avoid providing personal information over the phone, especially from an unsolicited call
Never send credit card numbers or other sensitive information via email
If it seems too good to be true, it probably is
What to Do
If you have been targeted by phishing at home:
- Delete the email or message
- If you believe your account has been compromised, follow these instructions to secure your account
How to Spot a Phish
More tips on how to identify phishing emails
LinkedIn Learning course on real-world examples of phishing attacks and how to prevent them
Phishing IQ Test
Test your ability to spot fraudulent emails with real examples from common phishing attacks
Don’t Get Phished!
Study these quick tips on how to identify and avoid phishing attacks