Phishing, a cybercrime, is a fraudulent attempt to gain access to sensitive information and data. Criminals will impersonate legitimate businesses or entities to try to trick a user into giving them sensitive information.
What is the difference between spam and phishing?
Many people confuse spam emails with phishing emails and vice versa. Spam is the unsolicited junk email sent by companies and businesses to sell or advertise products. While annoying, there is usually no malicious intent behind it. Phishing scammers always have malicious intentions -- they try to obtain sensitive information in order to engage in fraud or launch cyberattacks.
What do you if you suspect phishing?
If you see something, say something. Colleagues should use the "Report Phish" button at the top right of the Outlook mailbox to report any possible phishing emails. This will help keep UNMC and Nebraska Medicine secure, since the information security team can analyze and investigate reported phishing emails. See more information about how to "Report Phish" and examples of phishing emails.
Helpful tips to assist in "squishing the phish":
If you receive an email from a familiar company (I.e., your bank, Amazon, FedEx) and were not expecting the email, go directly to the company's website (Google search the company). Do not click on any links in the email that you received.
If you receive an unexpected phone call, disconnect and find the official number of the entity that was claiming to call you. Do not call any numbers that were included in the suspicious email.
Login to the Security Education Platform to watch some humorous videos about phishing, as well as a video on how to use the "Report Phish" button.