Stay Out of the Phish Bowl

This article dives into the types and forms of phishing that exist. For a quick overview of phishing and its red flags, see Detect and Protect Yourself from Phishing.

If you believe you have received a phishing email, report it.

How Phishing Works

Phishing is a form of digital social engineering. Social engineering is a technique that involves deceiving or psychologically manipulating victims into revealing sensitive information, providing access to internal systems, or performing other actions meant to weaken security. The attacker will gather information on the victim, and then use that information to create a false scenario (e.g., USPS package at warehouse, school email deactivation) or impersonate a trusted entity. If the victim makes the mistake of trusting the attacker's phishing message, they will be led to make the wrong choice.

Be aware of the information you post online, whether it is geotags, birthdays, or businesses that you often use. Social engineers can use this information to target you.

Types of Phishing

These are the most common types of phishing, but there are more out there. Always navigate any digital interaction with a good amount of caution.

  • Spear phishing is a targeted phishing message. Unlike general mass phishing emails, it is tailored to a specific victim using personal information made available on social media or gathered by spying on online activity.

  • Vishing takes place over the phone in the form of calls or voicemail messages. Attackers may pretend to be government services (often the IRS) or financial institutions.  

  • Smishing is a phishing variant that occurs through text messages or messaging apps. These attacks can come from unknown numbers and may sometimes start with an innocuous line (e.g., “Are you going to the wedding this weekend?”). 

  • Whaling, like spear phishing, takes place through a targeted message. In this case, however, the message will appear to be from a person of authority. The attacker will try to get the victim to perform financial transactions for their organization or business. 

Examples of Phishing

  • “Are you there / available?” This kind of message is short and designed to prompt the victim to respond. It is often paired with a request to complete a task (such as buying gift cards) and may appear to be from a professor or university official.

    “Good to hear from you. I need to get three iTunes gift cards for my niece. It's her birthday but I can't do this now because I'm currently traveling. Can you get them for me from any store around you? I'll pay back next week when I get back home.”

  • Employment offer scams. Scammers often send out job offers for work-from-home positions like a “personal assistant service”. Do your research on these “companies” and be suspicious of offers or updates for positions you did not apply for. Honest employers will not ask you to deposit a check, or to buy equipment with it.

  • “Urgent: Your uconn.edu Email Deactivation Request” This message is targeted at those in the UConn community. It will ask you to click on a link to fill out or “verify” personal account information, which, if done, will give the attacker access to your account.

For an example of a phishing email with red flags pointed out, see Detect and Protect Yourself from Phishing. You can additionally test your knowledge by taking this quiz. Remember to do your due diligence with your inbox by confirming the sender’s identity, hovering over links, and reporting phishing and spam messages.
