What is Phishing?

“Phishing” is an attempt to acquire sensitive information from an individual by masquerading as a trusted entity.  The term refers to the specific content of an electronic communication which is the “bait”.

There are many different types of information that a sender may try to obtain:

  • Usernames and passwords, to Vassar resources or external sites, such as banks
  • Credit card information
  • Social security number, driver’s license, or other identifying information
  • Mailing address and phone number

The content of a phishing message could contain any of the following:

  • A URL, or link, for a website that downloads and installs malware or viruses
  • A URL, or link, for a website that asks a user to fill in sensitive information, as listed above
  • An attachment in PDF, docx, or other common format that when downloaded will install malware or a virus

Why is this different from spam?

Spam is an electronic communication specifically designed to draw people to a site that sells services.  It is a digital version of telemarketing.  Although spam can be annoying, there is usually no harmful content in the message.  Phishing is a direct attempt to obtain information, whereas spam is an attempt to draw people to a valid, if unsavory, online consumer site.