Text Size:   A+ A- A   •   Text Only
Site Image

Common Phish Sense

Phishing is an identity theft scam in which "spammers" use an authentic looking e-mail to trick you into providing personal information such as credit card numbers, social security numbers, passwords, and account information.

How to Spot A Phishing Scam

At first glance, it may not be obvious to you that an e-mail from a company with whom you do business is fake. In a typical scenario, a phisher sends an e-mail that appears to come from a legitimate business – the government, a bank, a credit card company – requesting verification of information and warning of some dire consequence if it is not provided. Legitimate companies do not ask for personal or private information via e-mail. The e-mail usually contains a link to a fraudulent web page that appears authentic.  Look for:

  • Logos that are not an exact match to the company’s logo;
  • Spelling and grammatical errors;
  • Variations on a well-known company hyperlink, such as, www.microsofts.net (notice the link ends with .net, not .com);
  • E-mail headers which are unrelated to the company mentioned in the e-mail;
  • Links in fraudulent e-mails typically point to a bogus address. Never click on a link in an unsolicited e-mail. Always go directly to a company’s website by typing their known address into your browser window and then log in to check your account;
  • Legitimate companies will never ask you to supply personal information via e-mail.

    phishing email example 

Symptoms of an infected computer

  • Your computer suddenly becomes sluggish or freezes frequently;
  • You see pop-up advertisements all the time, even when you aren’t browsing the internet;
  • Your browser home page is reset to something you did not expect;
  • Settings on your computer may have changed and cannot be changed back to how they were.

Avoid getting hooked by a phishing scam

  • Delete it. Be suspicious of unsolicited e-mail and do not open it. Opening a spam e-mail confirms to the sender that the e-mail address is valid.
  • Close it. Never click on a pop-up advertisement in a browser window. The best method to close a browser window is to use the combination of ALT+F4 on your keyboard. No clicking!
  • Protect it. Never provide personal or protected information about you or your organization in response to unsolicited e-mail. Directly verify the identity and authority of the sender.
  • Be observant. Before sending secure information over the Internet, note whether the web page is secure. Check for the “lock” icon in your browser’s status area in the lower right corner of the browser window. Also check that the web address of the page begins with https://
  • Never install unauthorized software on your work computer. Many downloaded software programs also install additional malware without your knowledge. It is against DHS policy to install unauthorized software.
  • Review credit card and bank statements as soon as you receive them to check for unauthorized charges.

Getting help

If you suspect you’ve received a fraudulent e-mail, please contact the Information Security Office at: dhsinfo.security@state.or.us.

If your work computer displays any of the symptoms listed above, contact the OIS Service Desk at 503-945-5623.