Phishing FAQ
What is phishing?
Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail or instant messaging, and often directs users to reply or enter details at a Web site, although phone contact has also been used. (from Wikipedia)
How do I protect myself?
Legitimate institutions will not ask anyone to send them their password by email for any account. At OIT, we do not ask anyone to send us their password. Do not respond to any requests for your password.
Should I report a phishing attempt to OIT?
If you think you are the target of a phishing email, please forward the email with full headers to help@oit.duke.edu. When a phishing attempt is reported to OIT, we do our best to block future attempts from these addresses.