We would like to think email is a trustworthy platform. While it is safe the majority of the time, the reality is that the underlying technology was created long before today’s internet and has faults that many use to their advantage. The act of scamming someone through a fake email or message to gain data or money is known as phishing. Combating phishing is an ever-changing task; as defenders adapt, so does the other side.

For many years, the problems were centered around attachments and links in email. As anti-phishing technology has gotten more effective, phishing techniques have changed to get past these safeguards. Today’s phishing is still primarily related to email, but other technologies, such as text messaging, are also being used. This new wave of fraudulent communication tends to comprise of scams that have existed for years, but are now using a different medium for personal gain. While we cannot forget the lessons we already know, we need to learn to adapt along with the bad guys.

How to be prepared

The most important things you can do to avoid falling victim is trust, but verify and remember: if it is too good to be true, it probably is. Ultimately, you are the most effective way to detect and stop phishing scams. Be on the look out for the following indicators to prevent stolen information:

• Beware sketchy messages: Phishing messages may include a formal salutation, overly-friendly tone, grammatical errors, urgent requests or gimmicks.
• Avoid opening links and attachments: Even if you know the sender, don't click on links that could direct you to a malicious website. Do not open attachments unless you are expecting a file from someone.
• Verify the source: Check the sender's email address to make sure it's legitimate. If in doubt, contact the sender through other means, such as a known phone number.
• Know your URLs: Don't be fooled by fake login pages. Phishing emails commonly include a link to a login page that looks like a WSU login page, but careful examination of the website address shows that it is not authentic. Always use login.wayne.edu to access services like Academica, Wayne Connect, Canvas and more.
• Know your role: Spoofing the identify of someone with an authoritative position is a way for phishers to grab your attention. If it seems unusual for someone in those roles to ask a favor, especially if it involves financial transitions, verify first. For those in a leadership role, use consistent forms of communication and set expectations on how you communicate valid requests.
• Be on the lookout for AI: Improper use of colloquialisms or slang, accents, and unnecessarily sophisticated or formal language can all be signs of AI-generated scam messaging. 

How to react

Wayne State University staff and faculty will never ask you for your password or other private information via email. Follow the steps below if you believe you have received a phishing email:

• Do not reply: Never reply to an email message requesting a password, user name, account number or personal/financial information, no matter how legitimate the message may seem or who appears to have sent it.
• Delete the message: Viewing the email typically does not harm your computer. The damage comes from replying to it and providing a stranger with your personal information or information about WSU computer accounts.
• Report suspicious emails: Follow these instructions to notify our Information Security Office of malicious messages.
• Get help: If you did reply to a phishing message and provided personal or account information, contact the
  C&IT Help Desk.