Phishing Exercise

This was a phishing exercise performed by Georgia Tech Cyber Security. If it were real, you would have just given your information to a criminal. The information below will help you identify bad messages.

In this exercise you saw a slightly modified phishing message that Georgia Tech faculty, staff, and students have received. The message is annotated below to show you how you could identify the message as phishing.

Note that vast majority of legitimate Georgia Tech websites will have a domain ends in “gatech.edu”. If you receive a message purporting to be from Georgia Tech and it is directing you to login to a site that is not in the gatech.edu domain, be very wary! You can also check the Georgia Tech Phishbowl to see if the email message has been reported as a phishing attack or as a valid message.

To protect yourself from phishing attacks, look out for emails and messages that have any of these six characteristics:

  1. A request to click on links
  2. An unexpected attachment
  3. A sense of urgency
  4. An appeal to human greed and/or fear
  5. A request for your sensitive data
  6. Any non-Georgia Tech websites asking for your GT account information

Always check the URL of the site you are visiting by hovering the mouse over the link. If it is not a Georgia Tech website, do not give your credentials. Many times phishers direct you to an imitation website that appears legitimate which they use to steal your password or other sensitive data.

When in doubtstop and ask!!

If you have any questions or feedback related to this exercise, please contact your unit’s technical support or Georgia Tech Cyber Security (phishing@gatech.edu).