Skip to main content
NCDIT logo NCDIT

Topical Navigation

  • Home
  • Services
  • Programs
    Programs
    • Broadband & Digital Equity
    • CJLEADS
    • Enterprise Strategy
    • FirstTech
    • IT Volume Purchasing
    • N.C. 911 Board
    • N.C. Health Information Exchange Authority
    • NC360
    • Optimization
    • Project Portfolio Management
  • Resources
    Resources
    • COVID-19 Resources
    • Cybersecurity & Risk Management
    • Data Protection & Privacy
    • Statewide IT Strategic Plan
    • Statewide IT Procurement
    • State IT Policies
    • IT Application Portfolio Management
    • Standards
    • Resources Guide
    • Knowledge College
    • Documents
    • Reports
  • About
    About
    • Commitment to Customers
    • Leadership
    • Boards & Commissions
    • Climate Change & Clean Energy
    • NCDIT Strategic Plan
    • Work for NCDIT
    • Annual Report
    • Rules Review
  • News & Events
    News & Events
    • Events
    • Press Releases
  • Support
    Support
    • NCID
    • Training & User Resources
    • Submit a Service Desk Ticket
    • Report a Cybersecurity Incident
    • Services Status
  • Contact
    Contact
    • Media Inquiries
    • Public Records Requests
    • Speaker Requests
  • PASSWORD HELP
  • SERVICE PORTAL
  • CAREERS
  • NC.GOV
NCDIT »   Resources »   Cybersecurity & Risk Management »   Cybersecurity Awareness »   CyberSecureNC for Schools & Students »   Common Phishing Attacks

Common Phishing Attacks

Remote learning keeps students and teachers constantly connected to the internet, and that means that the more they are online, the greater the chance of a scammer trying to trick them.

Phishing is a common way cybercriminals try to steal a person’s personal information or to install harmful software, called malware, on someone else’s computer.

Typically, in a phishing attack, a scammer sends a message – whether over email or social media – that might look like it is from a trustworthy person, company or charity. The message might suggest there is a problem or that someone needs help and that the recipient can take action by clicking a link. That link sends the user to a fake website and captures personal information or secretly downloads malware onto their device.

Phishing attacks might also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as holidays, natural disasters, elections or health emergencies.

Students and teachers who know about the most common phishing attacks can avoid falling for them. Learn about more ways to avoid phishing attacks.

Email Phishing

Most phishing attacks use email. A scammer registers a fake domain or website name that mimics a real organization and then sends out thousands of generic requests.

The fake website name often replaces one letter with another. For example, "r" and "n" might be put together to make "rn," which looks like "m." 

Phishing attacks might also use an organization’s name in a fake address (e.g., paypal@domainregistrar.com), so that a legitimate sender’s name (e.g., PayPal) appears in the recipient’s inbox. 

Always check URLs and email addresses if you’re asked to click a link or download an attachment.

Spear Phishing

Spear phishing is when a cybercriminal sends a harmful email to a specific person that includes personal information to better trick them. That information might include the person's:

  • Name
  • School or employer 
  • Grade level or job title 
  • Email address 
  • Details about their school or job role

Smishing & Vishing

In smishing, scammers send text messages. Vishing involves telephone calls. In both, like in email phishing, scammers try to trick the recipient into clicking on a link or attachment or sharing personal information. 

Angler Phishing

Angler phishing involves using social media to trick people into giving up sensitive information or downloading malware. 

Scammers might use fake URLs, instant messaging and cloned websites, as well as posts and tweets. Highly targeted attacks might also be based on information that people willingly post on social media. That information includes geotagging, names, birthdays and vacations.

(Source: ITGovernance.eu)

CyberSecureNC for Schools & Students

  • Students
  • Parents & Caregivers
  • Teachers & Administrators
  • Education & Careers
  • Student Art Contest
  • Common Phishing Attacks
  • Cybersecurity Words & Definitions

Share this page:

  • Facebook
  • Twitter
  • Email

How can we make this page better for you?

Back to top

Contact

N.C. Department of Information Technology

P.O. Box 17209
Raleigh, NC 27619-7209
919-754-6000
800-722-3946

 

@NCDIT

Tweets by @NCDIT

Quick Links

NCDIT Service Portal
NCDIT Service Desk
NCID Assistance
Training & User Resources
Statewide IT Strategic Plan
Cybersecurity Incident Reporting
NCDIT Communications Hub

Follow Us

  • Facebook
  • Twitter
  • Flickr
  • YouTube
  • LinkedIn
  • Accessibility
  • Terms of Use
  • Privacy Policy
  • Open Budget
https://it.nc.gov/resources/cybersecurity-risk-management/cybersecurenc/school/phishing