- What is phishing?
- What kind of information should I protect?
- What is the difference between spam and phishing?
- Is phishing done only through email?
- How do I avoid becoming a victim of a phishing scam?
- What if my personal email account, bank account, or other accounts were compromised?
- How do I report a phishing email?
Phishing is a common type of scam used to elicit confidential, lucrative, and/or sensitive information. Most often, phishing comes in the form of emails appearing to be sent from a trustworthy company or person but containing malicious links, requests for information, or harmful attachments. Some links in phishing emails contain malware which, if clicked, will install malware onto your device that can monitor your computer’s keyboard. These recordings capture information such as passwords or credit card numbers and then relay that data to identity thieves.
What kind of information should I protect?
You should protect all sensitive and confidential data. For information on what is considered sensitive and confidential data, see itservices.usc.edu/security/sensitive-info.
What is the difference between spam and phishing?
Spam is electronic junk mail or, more broadly, unsolicited sales emails. Spam differs from phishing because spam emails will not request sensitive or confidential information; rather they will attempt to sell you an item, service, or subscription.
Is phishing done only through email?
No, scammers also utilize phone calls, SMS texts, and social media sites to trick you into giving up sensitive and confidential information.
How do I avoid becoming a victim of a phishing scam?
- If you receive a request in which you are asked for confidential information, do not reply or click links or attachments.
- Remember that neither USC nor ITS will ever request that you submit personal information, including any passwords, over email.
- Never provide confidential information or documents through email. Always call or provide this type of information in person, when possible.
- If in doubt about an email, call the company/individual directly to verify. Be sure to call the phone number listed publicly online (if applicable). Do not use any phone numbers listed in messages sent to you.
- For more information on how to stay secure, check out the security tips page at itservices.usc.edu/security/tips.
What if my personal email account, bank account, or other accounts were compromised?
Email email@example.com immediately to be advised on how to proceed.
How do I report a phishing email?
For information on how to properly report a phishing email, visit itservices.usc.edu/reportingphishing.
For other questions, please contact firstname.lastname@example.org.
For a list of phishing emails recently sent to USC account holders, please see the ITS Security Blog.