- Home
- Take Action
- Education & Guides
- Password Management
- Phishing
- Physical Security
- Theft of Computer Equipment
-
Policies & Procedures
- Account Access and Recovery
- Alabama Breach Notification Act of 2018
- Admin Systems Security Access Authorization Process
- Copyright Information
- E-mail Policy
- Information Technology Usage Policy
- International Travel Requirements
- World Wide Web Policy
- Technology Policies
- Technology Standardization Guidelines
- Additional Resources
- Quarterly IT Security Award
Phishing
Recognizing and Avoiding Phishing Scams
Phishing continues to be one of the most common methods used by attackers to deceive individuals into giving up personal or sensitive information. The best defense is awareness.
What Is Phishing?
Phishing refers to fraudulent attempts, typically via email or text, to trick you into revealing personal information such as login credentials, financial data, or installing malicious software. The goal may be to access your accounts, steal your identity, commit financial fraud, or infect your computer with ransomware.
Sometimes the sender impersonates someone you know or trust, like a coworker, supervisor, or friend. This targeted form of phishing is called spear phishing. Modern phishing messages are more sophisticated than ever. Knowing the warning signs can help you avoid falling victim.
Signs of a Phishing Attempt
- The sender’s email address doesn’t match their claimed identity (e.g., it looks like it’s from Troy University but isn’t from “@troy.edu”).
- Links in the message point to unfamiliar or suspicious websites.
- Requests for your username, password, or login credentials. Troy University will never ask for your login info by email, phone, or text.
- Unsolicited requests for personal information like your Social Security number, home address, or date of birth.
- Email attachments that seem unexpected or out of context.
- Unusual or awkward language in the message.
- Promises of payment or job offers that require you to submit information first.
Watch a YouTube video on phishing
Common Phishing Tactics
- Messages claiming urgent action is needed to verify an account or reset a password.
- Fake employment offers asking for your personal details.
- Health warnings or fake illness alerts spreading within a department or workplace.
- Requests for gift cards or cryptocurrency.
- Fake shipping updates or bogus invoices.
- Scams promoting student loan forgiveness or debt relief.
See examples of phishing scams
What You Should Do
- Pause before you act. Don’t respond or click anything without thinking it through. If you're unsure, check the message again on a larger screen.
- Don’t open attachments from people you don’t know or messages you weren’t expecting.
- Never respond to emails or pop-ups asking for personal data.
- Hover over links (or tap and hold on mobile) to see where they really go.
- Verify through official channels. If something seems off, contact the person or organization using contact info you already trust—not the info in the suspicious message.
- Don’t send money (cash, gift cards, or cryptocurrency) without confirming the request directly with the individual.
- Avoid wire transfers. Legitimate organizations or government agencies will not ask for this.
- Protect your social media. Limit what others can see and who can post to your profile. Attackers often mine this information to make spear phishing more convincing.
How to Report Suspicious Messages
- Use the “Report Phishing” option in your Troy University email service. Reporting suspicious messages helps improve email filtering and protects others.
- If you believe you’ve responded to a phishing message, stop communicating immediately, change your passwords, and enable two-factor authentication where possible.
- If you think your Troy University account has been compromised, contact the IT Security Office immediately: https://it.troy.edu/security/index.html