Why do people send Phishing email? What does it achieve?

First, what is “Phishing”?

Phishing is the vernacular for an attempt by a person to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication (usually an email). Here at the University of Waikato these messages usually claim to be from ITS, another colleague, social web sites, auction sites, online payment processors, or IT administrators.

Phishing emails often contain links to websites that masquerade as an internal Waikato login page, and can look quite convincing. Falling for a Phishing email can be quite devastating, and can involve personal financial loss to the staff member involved as well as the loss of corporate or student data.  Once a “Phisherman” has access to your University account, they have access to your email and Google Drive.  Ever emailed your credit card or bank account details to anyone?  Now the hacker has those too!

Spotting a Phishing Email

1. The message contains a mismatched address

2. Addresses contain a misleading or misspelled domain name

3. The message contains poor spelling and grammar

4. The message asks for personal information

5. The offer seems too good to be true

6. You didn’t initiate the action

7. You are asked to send money to cover expenses

8. The message makes unrealistic threats

9. The message appears to be from a government agency
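
Signs 1 and 2 can also be checked mechanically. The Python below is an added example, not University of Waikato code: it assumes a single-part HTML message and takes "mismatched address" to mean a Reply-To domain that differs from the sender's, or link text that names a different host than the link target. The sample message, the mail.example address and the waikat0.ac.nz host are constructed.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = "waikato.ac.nz"  # domain of the help address given on this page

# Constructed sample message: every address and URL in it is made up.
SAMPLE = """\
From: ITS Service Desk <help@waikato.ac.nz>
Reply-To: its-desk@mail.example
Subject: Mailbox quota exceeded
Content-Type: text/html

<p>Please <a href="https://login.waikat0.ac.nz/sso">https://login.waikato.ac.nz/sso</a> today.</p>
"""

def is_trusted(host):
    return host == TRUSTED or host.endswith("." + TRUSTED)

def looks_like_trusted(host):
    """True for a host that is not trusted but embeds or nearly spells the trusted domain."""
    if is_trusted(host):
        return False
    tail = ".".join(host.split(".")[-3:])  # compare like with like: last three labels
    return TRUSTED in host or SequenceMatcher(None, tail, TRUSTED).ratio() >= 0.85

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def check(raw):
    """Return findings for signs 1 and 2 (under the assumed interpretations)."""
    msg, findings = message_from_string(raw), []
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply and reply != sender:
        findings.append(f"reply-to domain {reply} differs from sender domain {sender}")
    LINK = r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>'  # enough for this sample, not a full HTML parser
    for href, text in re.findall(LINK, msg.get_payload(), re.I | re.S):
        host = (urlparse(href).hostname or "").lower()
        shown = re.search(r"https?://([^/\s]+)", text)
        if shown and shown.group(1).lower() != host:
            findings.append(f"link text shows {shown.group(1)} but goes to {host}")
        if looks_like_trusted(host):
            findings.append(f"{host} imitates {TRUSTED}")
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE):
        print(finding)
```

A clean result only means these two signs were not found; the other signs in the list still need a human reader.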


Still not sure if that message is legit? Forward the email to help@waikato.ac.nz and we'll check it out for you.