FSU's Department of Information Technology will never ask you for your password.

Email Phishing

  • What is phishing?
    • Phishing is a form of cyber-attack where the attacker ‘mimics’ another person, university or business with the hopes of tricking the user into clicking a link and/or providing their personal information.
  • What do they want?
    • Your identity!
      • Oftentimes the attacker is looking for personal information – social security number, username and password, or banking information – in order to gain access to your account(s).
    • Control!
      • Other times the attacker is attempting to infect or take control of your device.

What’s in their ‘bag of phishing tricks’?

  • The best defense is being informed and knowing how to avoid becoming a victim to a phishing email. Attackers have quite the array of ‘tricks’ they use to trap a user such as:
    • URGENCY! Telling you this needs immediate attention, or ELSE!
    • Suspicious links
    • Attachments
    • Using the same logo/format as an email you’d expect to see from an otherwise established institution to gain your trust
  • Do NOT:
    • Do NOT maintain any personally identifying information such as driver’s license, SSN, passwords, credit card numbers, or date of birth in your emails;
    • Do NOT write your passwords down, share or email your passwords to anyone, or use commonly constructed passwords (pet names, family names, SSN, etc.);
    • Do NOT walk away from your computer while still logged into your email without locking your screen;
    • Do NOT use your date of birth or easily obtained information for passwords or password reset questions.
  • Do:
    • DO safeguard your passwords and information;
    • DO always lock your computer and/or device;
    • DO report any suspicious emails to;
    • DO use common sense and a critical eye when reviewing emails;
    • DO always log in with a trusted URL;
    • DO verify the link sent in an email by 'hovering' over to see its true destination;
    • DO verify the sender of the email by 'hovering' over their name to see what email address was used.

Oh NO! I just answered that phishing email; what do I do now?

  • If you responded to a request for a password and/or provide account information to someone inadvertently:
    • Change your password to a dissimilar and better password immediately.
    • Notify the Tech Commons immediately at 304-367-4810.
    • If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for suspicious charges to your account.