Skip to Main Content
  • Directory
  • Our Colleges
  • My Maricopa
  • Apply Now
  • Request Information
  • Find a Class
  • News
  • Events
  • Employees
Home
District
District
  • Board Operations
    • Board Policies
    • Current Agenda
    • Current Meeting Schedule
    • Faculty and Administration Collaboration Team (FACT)
      • FACT Meeting Schedule, Agendas, and Minutes
      • Adjunct Faculty Team Information
      • Interest Based Problem Solving Information
    • Minutes
    • Motions
    • Notice of Public Meeting
    • Past Agendas
    • Protocol for Addressing the Board
  • Budget
    • Adopted Budgets
    • Proposed Budget
    • Finances
      • Reports
  • Consumer Info
    • Alcohol and Drug Abuse Prevention
      • Biennial Reviews
      • Related Links
    • Disability Resources and Services Information
      • Contacts
      • Disability FAQ
      • DRS Connect
      • EEO/AA
      • Employee Resources
      • Faculty Duties and Responsibilities
      • Legal Services
      • Policies, Procedures, and Regulations
      • Student Resources
      • Training and Corrective Actions
    • FERPA
      • Annual FERPA Notification
      • FERPA Release Form
      • Request to Inspect and Review Education Records Form
      • Revoke FERPA Release Form
      • Withhold Directory Information Form
    • Maricopa County Community Colleges District NSC Resources
    • MCCCD Notifications
      • Annual Notifications
      • General Data Protection Regulation (GDPR)
      • Non-Discrimination Statements
    • Residency and Lawful Presence
      • Acceptable Documents to Establish Lawful Presence
      • Admissions and Records Offices
      • Residency Frequently Asked Questions (FAQ)
      • Residency and Legislative Compliance
      • Student Residency Form
      • Western Undergraduate Exchange Form
    • Title IX and Preventing Sexual Harassment
      • MCCCD List of Trained Advisors
      • Reporting a Sexual Harassment, Student Conduct, or Code Violation
      • Reporting a Student of Concern or a Student Conduct and/or Code Violation
      • Title IX/504 Coordinators
  • Legal
    • Petition Signature Solicitations
    • Student & Faculty Resources
    • Trainings and Handouts
    • Equal Employment Opportunity
      • FAQ
      • Procedure for Filing
      • Discrimination Complaint Form
  • Regulations
    • Approval Process
    • Crosswalk
    • Summary
    • Current Proposals
    • 1 Fiscal Management
    • 2 Students
    • 3 Instruction
    • 4 Auxiliary Services
    • 5 Non-Discrimination
    • 6 Board Resources
    • 7 COVID-19 Pandemic Policies
    • Appendices
  • Stewardship
  • Academic Freedom
    • Charter
    • Committee Membership
    • Request for Assistance
    • Training Materials
    • Case Studies & Findings
    • Additional Resources
  • Information Technology
    • Anywhere Computing
      • Frequently Asked Questions
      • Get Connected with eduroam
      • Google Workspace Storage Changes
      • Stay Protected When Remote
      • Guides and Reference Materials
      • Student Conferencing
      • Faculty Conferencing
      • Staff Conferencing
      • Softphone - Stay Connected from Anywhere
      • Top Telecommuting Security Concerns and Best Practices
      • Temporary Telecommuting and Remote Work
      • User Guides for Phones
      • Local Help Desk Resources
    • Information Security
      • Report a Cybersecurity Issue
      • Antivirus
      • Your Data
      • Governance
      • Gramm Leach Bliley Act (GLBA) Information Security Plan
      • Best Practices
      • Security Terms
      • Contacts
    • ITS Leadership Team
      • Dr. Mark Koan - Chief Information Officer
      • Jacob Vipond - Information Security Office
      • Michele Agostinelli - Academic Technology
      • Mark Dempt - ERP Support & Development
      • Matt Reeves - Infrastructure and Customer Care
  • Board Operations
    • Board Policies
    • Current Agenda
    • Current Meeting Schedule
    • Faculty and Administration Collaboration Team (FACT)
      • FACT Meeting Schedule, Agendas, and Minutes
      • Adjunct Faculty Team Information
      • Interest Based Problem Solving Information
    • Minutes
    • Motions
    • Notice of Public Meeting
    • Past Agendas
    • Protocol for Addressing the Board
  • Budget
    • Adopted Budgets
    • Proposed Budget
    • Finances
      • Reports
  • Consumer Info
    • Alcohol and Drug Abuse Prevention
      • Biennial Reviews
      • Related Links
    • Disability Resources and Services Information
      • Contacts
      • Disability FAQ
      • DRS Connect
      • EEO/AA
      • Employee Resources
      • Faculty Duties and Responsibilities
      • Legal Services
      • Policies, Procedures, and Regulations
      • Student Resources
      • Training and Corrective Actions
    • FERPA
      • Annual FERPA Notification
      • FERPA Release Form
      • Request to Inspect and Review Education Records Form
      • Revoke FERPA Release Form
      • Withhold Directory Information Form
    • Maricopa County Community Colleges District NSC Resources
    • MCCCD Notifications
      • Annual Notifications
      • General Data Protection Regulation (GDPR)
      • Non-Discrimination Statements
    • Residency and Lawful Presence
      • Acceptable Documents to Establish Lawful Presence
      • Admissions and Records Offices
      • Residency Frequently Asked Questions (FAQ)
      • Residency and Legislative Compliance
      • Student Residency Form
      • Western Undergraduate Exchange Form
    • Title IX and Preventing Sexual Harassment
      • MCCCD List of Trained Advisors
      • Reporting a Sexual Harassment, Student Conduct, or Code Violation
      • Reporting a Student of Concern or a Student Conduct and/or Code Violation
      • Title IX/504 Coordinators
  • Legal
    • Petition Signature Solicitations
    • Student & Faculty Resources
    • Trainings and Handouts
    • Equal Employment Opportunity
      • FAQ
      • Procedure for Filing
      • Discrimination Complaint Form
  • Regulations
    • Approval Process
    • Crosswalk
    • Summary
    • Current Proposals
    • 1 Fiscal Management
    • 2 Students
    • 3 Instruction
    • 4 Auxiliary Services
    • 5 Non-Discrimination
    • 6 Board Resources
    • 7 COVID-19 Pandemic Policies
    • Appendices
  • Stewardship
  • Academic Freedom
    • Charter
    • Committee Membership
    • Request for Assistance
    • Training Materials
    • Case Studies & Findings
    • Additional Resources
  • Information Technology
    • Anywhere Computing
      • Frequently Asked Questions
      • Get Connected with eduroam
      • Google Workspace Storage Changes
      • Stay Protected When Remote
      • Guides and Reference Materials
      • Student Conferencing
      • Faculty Conferencing
      • Staff Conferencing
      • Softphone - Stay Connected from Anywhere
      • Top Telecommuting Security Concerns and Best Practices
      • Temporary Telecommuting and Remote Work
      • User Guides for Phones
      • Local Help Desk Resources
    • Information Security
      • Report a Cybersecurity Issue
      • Antivirus
      • Your Data
      • Governance
      • Gramm Leach Bliley Act (GLBA) Information Security Plan
      • Best Practices
      • Security Terms
      • Contacts
    • ITS Leadership Team
      • Dr. Mark Koan - Chief Information Officer
      • Jacob Vipond - Information Security Office
      • Michele Agostinelli - Academic Technology
      • Mark Dempt - ERP Support & Development
      • Matt Reeves - Infrastructure and Customer Care
  • Directory
  • Our Colleges
  • My Maricopa
  • Apply Now
  • Request Information
  • Find a Class
  • News
  • Events
  • Employees
  1. Home
  2. Information Technology
  3. Information Security
  4. Best Practices
  5. Phishing Explained

Phishing Explained

Phishing is a type of fraud in which a hacker attempts to gather personal information or credentials by impersonating a trusted person or company brand with a link that sends you to a malicious website or file. Without proper training, a user will not easily recognize the email as a phishing attempt.

 

Content That Includes Enticing or Threatening Language

A false promise, a quick reward, or a threat that you will lose something can create a sense of panic, urgency, or curiosity. 

Emails that have an aggressive tone or claim that immediate action must be taken to avoid repercussions should immediately be considered a potential scam. Two examples of this are phishing emails telling users their critical accounts are locked or that an invoice must be paid to avoid services being suspended.

 

Email Addresses Can Be Spoofed

Never trust an email-based simply by the sender email address. Hackers have many ways to disguise emails and “spoof” the “from” sender. A common type of spoofing uses a visible alias and cousin domains. 

Visible alias spoofing, known as “display name spoofing,” is where the phisher uses a legitimate company name as the email sender, such as microsoftsupport@microsoft.com, but the email underneath is a random address like xyz.abc@yahoo.com. This is especially effective on a mobile device because the sender’s email address is hidden.

A cousin domain looks identical to a legitimate email address, but it has been slightly altered. For example, to spoof an Apple.com email, the hacker might use Apple.co. In other cases, hackers will use confusing extended domains, such as icloud.accounts@apple.com.support.zai.co.

 

Links Aren’t Always What They Seem

Every phishing email includes a link, but phishing links are deceptive. While the link text might say “Reset Your Google Password,” the URL takes the user to a phishing page designed to look like Microsoft. Make sure your employees hover over all links before clicking them to see the pop-up that displays the link’s real destination. If it is not the website expected, it is probably a phishing attack.

It is most important to make sure that the core of the URL is correct. Be especially cautious of URLs that end in alternative domain names instead of .com or .org.

 

Phishing Links Can Be Sent via Attachment

All phishing emails contain a link, but it’s not always in the email. To avoid detection by email security filters, hackers will include a phishing link in an attachment, such as a PDF or Word doc, rather than the body of the email. And because sandboxing technology scans attachments for malware, not links, the email will look clean. The email itself will appear to be from a legitimate business, vendor, or colleague, asking you to open the attachment and click on the link to review or update information.

 

Hackers Use Real Brand Images and Logos in Phishing Emails

Brand logos and trademarks are no guarantee that an email is real. Brand images are public and can be downloaded from the internet or easily replicated. Even antivirus badges can be inserted into emails to persuade victims into thinking an email is from a legitimate source. While most email filters can spot a known phishing URL, they cannot spot a counterfeit image unless they have machine learning and computer vision capabilities.

 

Attacks Are Becoming More Personal

Spear-phishing attacks can be very personalized from purported colleagues and are designed to evoke fear of consequences at work. A classic example is an urgent email from your manager requesting gift cards or a wire transfer. Receiving such a request from a higher level executive puts pressure on the employee to act quickly—without thinking it through. Another example is the direct deposit spear phishing email, which is designed to pressure an employee into changing direct deposit information.

 

An Employee Received a Phishing Email—Now What?

Deleting the offending email is not the solution—Information Security (IS) needs to know that you are being targeted. Please contact the Information Security department immediately and forward your suspicious email to protectprivacy@maricopa.edu so that the Information Security department can take appropriate action.

Information Security

  • Report a Cybersecurity Issue
  • Antivirus
    • Sophos Home Commercial Edition FAQs
    • Sophos at Work FAQs for Employees
  • Your Data
  • Governance
  • Gramm Leach Bliley Act (GLBA) Information Security Plan
  • Best Practices
  • Security Terms
  • Contacts
  • Our Colleges
  • Campus Maps
  • Request Information
  • Future Students
  • Apply Now
  • Tuition and Paying for College
  • Financial Aid
  • Transfer Options
  • Governing Board
  • Employees
  • Careers
  • Annual Notifications
  • Non-Discrimination Statements
  • CARES Act
  • Policies and Legal
  • Budget
  • Institutional Data
  • Trade and Career Training
  • Doing Business with Us
  • Consumer Information
  • Police
  • Disclaimer
  • Handbooks and Manuals
  • Report Web Accessibility Issue

Connect with Maricopa

  • Twitter
  • Facebook
  • YouTube
  • Instagram
  • Linkedin

Download the MyInfo App

  • Download the MyInfo App on the App Store.
  • image/svg+xml Download the MyInfo App on the Play Store.
Maricopa Community Colleges

Maricopa Community Colleges

2411 W. 14th St., Tempe, AZ 85281 | Contact Us | 480-731-8000