In this section:
- What is phishing?
- How do I recognize phishing attempts?
- If you're unsure about something - ask!
- What should I do if I am the victim of a phishing attempt?
Phishing scams are attempts to trick you into releasing your email, bank, credit card, or other private information to an unidentified individual. They are usually carried out via email, but can also occur via phone calls where a scammer claims to be a representative of your school, bank, or some other organization.
The primary hallmarks of a phishing email are:
- Impersonation: These emails may appear as they are from a reputable source such as Mercer, or your bank.
- Web links: The linked sites typically ask you to enter personal information, usernames, and passwords.
- Threats: Phishing often involves threats to disable your account if you don't provide the requested information.
- Poor spelling and grammar: This helps the emails evade junk mail filters.
Here is an example of what a typical phishing email looks like:
Take this Phishing IQ Test from Dell to see how well you can spot a phishing email.
The IT Help Desk is always willing to review any email, website, program, etc. to help determine if there is a security risk.
Please note that Mercer’s IT department will not request any sensitive information via e-mail from you. We continue to work toward preventing phishing, virus, and spam messages from reaching your inbox.
If you do respond to a phishing email and provide any information, follow these steps:
Change your password and password security questions.
- If you provided your password for any Mercer systems, visit Mercer's Password Self-Service site at https://pwhelp.mercer.edu to change your password as soon as possible.
- If your password is used on more than one website, change it everywhere you use it.
- Most sites have security questions which allow you to reset your password. The scammer may have seen your current answers, so it's a good idea to change them as well.
Contact your bank, credit card company, etc...
- If you have given the scammer any financial information, contact your, bank or credit card company and report it. Your credit card company can place a fraud alert on your account.
- Contact the 3 main credit bureaus and have them put a fraud alert on your credit file.
- If you have provided your driver's license information, contact your DMV.
- If you provided your Social Security number, visit http://www.idtheft.gov, or call the Federal Trade Commission at 1-877-IDTHEFT (1-877-438-4338).
Review your account activity.
For the next few weeks, carefully review any accounts that could have been accessed using the information provided to the scammer. The scammer may not use the information provided right away, so it's important to keep an eye on your accounts for any suspicious activity for some time after the phishing took place.
Reduce your future risk.
Using a different password for every website you use is one way to reduce your security risk. Information regarding other ways to protect yourself can be found on our Security Best Practices website.