What is Phishing?
Phishing is a scam that uses targeted email or pop-up messages to deceive consumers
into disclosing personal information including credit card or bank account info, Social
Security numbers, and passwords.
These email scams convey a sense of urgency and claim to be from a business or organization
that you may be involved with at work or school. Phishing attempts often impersonate
various types of TU communications. Don’t take the bait.
Prevent your emails from looking phishy. The Office of Information Security offers
five quick tips for drafting emails.
How to recognize phishing
These characteristics should be considered signs of a phishing message:
- Requests for usernames and passwords, especially for NetIDs. No one at TU will send an email asking for your username and password.
- Fraudulent job postings or announcements. Be extra cautious of job announcements coming from a sender's personal email address.
- Unusual or strange purchase requests. Call the sender and ask if he or she really needs the info or to make the purchase.
- References to OTS as the IT department or IT service. The technology office at Towson University never refers to itself in writing as “IT”;
always look for "The Office of Technology Services" or "OTS" in communications.
- Obvious spelling mistakes and bad grammar. Emails sent from TU departments and offices are almost always reviewed and spell-checked
prior to distribution.
- Unfamiliar links in the body of the email. Don’t click – hover to check the actual web address.
- Attachments that are “.exe” or “.zip” files. Opening these can launch and spread malicious software.
- Unknown sender, or an email from an unsolicited source. If it is not from an @towson.edu address, call the sender to confirm.
- Storage Space/account threats or urgent messages waiting. Look up the sender in the TU directory (not a number provided in the email) and call
to confirm, or contact OTS at 410-704-5151.
Protecting the campus
As one of many layers of cyberprotection, the Office of Technology Services has phishing
detection on all TU Outlook email accounts. Faculty and staff can use the "Report phish" button (PDF) to forward suspicious email to OIS directly from Outlook.
Report a suspicious email
From a desktop or laptop:
- Click the "Report Phish" button, which appears at the top of the email menu bar.
- You will get prompted with: "Are you sure you want to report this email as a phishing
- Confirm by clicking the red "Report Phish" button, which sends the suspicious email
to the security operations team for review, and deletes the email from your inbox.
From a mobile device:
- Do not reply to the email.
- Forward it to phishing AT_TOWSON.
- Delete the email from your inbox.
Look for these before logging in
Protect yourself and the campus by avoiding fake login pages. Look for these 3 items before entering login credentials. You are TU's best line of defense - think before you click!
- A padlock: Confirm this icon appears in the URL bar.
- “s” after http. Make sure the URL starts with: https://, not http://.
- edu. Ensure you’re logging into a legit TU service when you see this written out before
the third forward slash mark. It might be followed by other characters, and that’s
ok. An example is the myTU login page, where the URL is spelled out as https://mytu.towson.edu/mytu/home.
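The "https" and host checks above can also be done programmatically, for example when triaging links from a reported email. This is an added example, not TU or OTS tooling; it treats towson.edu as the only trusted domain (an assumption drawn from the myTU example above), and every sample URL is constructed.

```python
from urllib.parse import urlsplit

# Assumption: TU login pages live under towson.edu, as in the myTU example.
TRUSTED_DOMAIN = "towson.edu"


def check_login_url(url, trusted_domain=TRUSTED_DOMAIN):
    """Return a list of problems; an empty list means the URL passes."""
    try:
        parts = urlsplit(url.strip())
        # hostname is the part between "//" (or "@") and the third slash.
        host = (parts.hostname or "").lower().rstrip(".")
        userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return ["URL cannot be parsed"]

    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if userinfo:
        # Everything before '@' is a login name, not the site being visited.
        problems.append("text before '@' is not the host")
    if not host:
        problems.append("no host found")
    elif host != trusted_domain and not host.endswith("." + trusted_domain):
        # Match on a label boundary so 'towson.edu.example' is rejected.
        problems.append(f"host {host!r} is not under {trusted_domain}")
    return problems


# Constructed sample URLs; the .example hosts are reserved placeholders.
SAMPLES = [
    "https://mytu.towson.edu/mytu/home",           # the page's own example
    "http://mytu.towson.edu/mytu/home",            # missing the "s"
    "https://mytu.towson.edu.example/mytu/home",   # trusted name is only a prefix
    "https://mytu.towson.edu@portal.example/",     # trusted name sits before '@'
    "https://portal.example/towson.edu/login",     # "edu" after the third slash
    "https://mytu.t\u043ewson.edu/mytu/home",      # Cyrillic "o" lookalike
]

if __name__ == "__main__":
    for url in SAMPLES:
        issues = check_login_url(url)
        print("OK  " if not issues else "FAIL", ascii(url), "; ".join(issues))
```

The padlock item is a browser indicator and cannot be judged from the URL text alone.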
How to avoid spam
Spam is unsolicited junk email, normally with advertising content. This bulk email
is usually sent to a list gathered by legal or illegal means from subscribers to a
website distribution list. Here's how to avoid it:
- Never agree to receive postings about products or interests.
- Never reply to unsolicited email with a "remove" request, or click an "unsubscribe"
link, as this only validates to a spammer or "list broker" that your address is current.
- Do not give personal information to an unprotected online service's member directory.
- Set anti-spam filters with your mail program (Gmail performs this task automatically,
for Outlook see Outlook Junk Email Filter).
- Use separate accounts for personal use.
- Do not resend chain letters, requests or dubious virus alerts.
- Do not follow links in emails from unknown senders.
If you've received a spam email, don't respond - simply delete it.