What is phishing?

Phishing is a cybercrime in which attackers disguise fraudulent emails and websites as legitimate ones to trick you into entering sensitive information (e.g. personally identifiable data, usernames and passwords, or banking information) by clicking on a link or opening an attachment.

Phishing emails are generally aimed at a wide audience of potential victims, but malicious actors can use more sophisticated phishing methods such as:

• Spear phishing is a phishing attack based on impersonating specific individuals or organisations (rather than a wide audience of potential victims). Spear phishing attacks commonly utilise tactics like impersonating trusted individuals (e.g using their name, place of employment, or job title), spoofing email personalisation (e.g. company logos), or sharing inside information about the organisation. 
• Whaling is a phishing attack based on impersonating senior executives or other high-profile targets within a company. Whaling attacks will often utilise the same tactics as spear phishing. 

You can learn more about spotting phishing emails on our Knowledge Base here: https://itservicecentre.derby.ac.uk/hc/en-us/articles/360002420439-How-to-spot-a-phishing-email 

Are there any other types of phishing scams?

Yes, malicious actors use other technologies to solicit sensitive information.

• Vishing (Voice Phishing or VoIP Phishing) is a cybercrime carried out using voice calls to gain access to sensitive information. Vishing attacks commonly utilise tactics such as impersonating caller ID and using scary pre-recorded automated instructions to trick you into giving away sensitive information.
• Smishing (SMS Phishing) is a cybercrime carried out using SMS messages to gain access to sensitive information. Smishing attacks commonly utilise tactics such as asking you to verify an account, offering gift cards, or confirm a parcel delivery to trick you into giving away sensitive information.

I think I've received a phishing email, what can I do?

• Refer to the steps in the guide to help spot a phishing email: https://itservicecentre.derby.ac.uk/hc/en-us/articles/360002420439-How-to-spot-a-phishing-email. 
• Don't enter any sensitive information or download any attachments from suspicious-looking emails.
• Report any suspicious emails using the steps in this guide: https://itservicecentre.derby.ac.uk/hc/en-us/articles/360001612040-How-to-report-a-phishing-email.