Phishing Info

Phishing is a growing threat to organizations and individuals across the world. At Berea College, resources are available to users to help identify and mitigate risk associated with phishing.  Attack methods used are quickly becoming more sophisticated, with this knowledge it is important for all members of the Berea community to be proactive and aware.  Phishing can occur through multiple means, not solely email. Users must be aware of email, phone calls, text messages, app upgrades on smartphones, social media, and even USB based attacks. It is important to be proactive with protecting data instead of waiting to be reactive.

To view examples of actual phishing attempts that have occurred at Berea College, please select the images below.  Training is available for Berea College employees to provide education and awareness about phishing attempts. The college Information Security Officer will always be glad to coordinate employee and student education on IT Security awareness topics as requested.

  • Hover your mouse over the linkDropbox Phishing Image
    • Does the address match up with the address within the email?
    • For example, you may receive an email that has a link that looks like it would go to www.walmart.com, however, if you hover your mouse over, you will see in the lower-left corner of your browser a different address, such as www.thisisnotwalmartbutascam.com.
    • Doing this helps prevent you from ever interacting with the malicious site and helps keep you and the college safe!
  • Don’t open email attachments that you are not expecting
    • A common attack method for hackers is to infect PDF and Word/Excel files, that when downloaded and opened, run a series of code that seeks to obtain your information and/or encrypt and deny you access to your workstation.
    • If you receive a suspicious email with one of these files attached, do not download or execute the file! If the email looks like it’s from someone within the college, reach out to them in a separate email to verify that they had indeed meant to send the email.
  • Sometimes phishing emails can look like legitimate services
    • Attackers will often spoof known service pages to trick you into clicking their links. These will range from Office365, Netflix, Amazon, PayPal, and more.
    • Often these will look very similar to the actual email layouts used by these services but will be slightly off looking. If you are ever sent an email that says there is an issue with your account on one of these services, DO NOT click the link within the email!
    • Instead, you should browse to the website the services uses and login there, to verify if there is actually anything wrong with your account.

When you have a concern about what you may consider a phishing attempt, the best resource is to contact the IS&S Help Desk (859) 985-3343 or spam@berea.edu.

Phishing Examples Listed Below: