Office of Information Technology

Phishing Awareness Frequently Asked Questions

1. What is Phishing?  

Phishing is a fraudulent e-mail based attack disguised as a legitimate communication. The goal of the attacker is to trick the recipient into responding by clicking on a link, opening an attachment, or directly giving up account credentials, i.e. user name and password.   

2. How do I report a suspected phishing e-mail?

For Windows users:

  • Select the suspected phish and click on the Report Phishing button in the Outlook ribbon toolbar. 

 PC Menu Phish Reporter

   For Mac users:

  • Select the suspected phish and click on Outlook on the menu bar, Choose Services > General and then Report Phishing.

 

3. What happens when I report a suspected phishing e-mail using the Phishing Reporter tool in Outlook?  

Once the user submits the suspected phishing e-mail,

  • the e-mail is forwarded to IT Security and deleted from the user's Inbox
  • The PhishMe Reporter dialog box opens with the following message:  
  • PhishMe FAQ 3

4. Is the Outlook Phishing Reporter tool available for Outlook Web Access (OWA) or Office 365 portal?

No, the Phishing Reporter tool is not available for OWA or Office 365 portal.  To report a suspected phish using OWA/Office 365 portal or from a mobile device, forward the suspected e-mail to phishtrap@montgomerycollege.edu.

5. Should I ever forward suspected phish to the IT Service Desk?

No, please either use the Phishing Reporter tool or forward the suspected phish to phishtrap@montgomerycollege.edu.

6. What if I have questions about the e-mail or interacted with the contents of the phish?

Please contact the IT Service Desk. An IT Service Desk ticket will be opened for IT Security to address the issue.

7. What is the Phish Trap?

The Phish Trap is a repository of actual phishing e-mails received at the College and reported to the Office of Information Technology (OIT) by employees using the Outlook Phishing Reporter tool. Employees should visit the page to check if a phish has already been reported and/or use the site to improve their phishing awareness.   

8. What other phishing and security awareness education resources are available?

Contact Annie Shane (annie.shane@montgomerycollege.edu for a Phishing Awareness Class.

Basic safe computing and security awareness E-courses are available in MC Learns.  Available topics include:

  • Social Engineering
  • Spear Phishing Awareness
  • Malware
  • Malware links
  • Password Security
  • Data Protection
  • Mobile Devices
  • Social Networking
  • Physical Security
  • Security Outside the Office
  • Insider Threat

9. What is a PhishMe simulated phishing e-mail?

PhishMe is a program OIT will use to randomly send simulated phishing e-mail scenarios to College employees. The purpose is to promote user awareness on how to detect a phishing e-mail.

10. What do I do if I receive a PhishMe simulated phishing e-mail?

If you receive a simulated phish, don't fall for the trick.  Do what you would do with any suspected phish. Report the e-mail using the Outlook Phishing Reporter tool or phishtrap@montgomerycollege.edu.

11. What happens when I report the PhishMe simulated phishing e-mail?

Once the user submits the simulated phishing e-mail, the e-mail is forwarded to IT Security and deleted from the user's Inbox just like a real phishing e-mail would be handled.

12. What happens if I don't detect the PhishMe e-mail as a phish and click on the link?

If you click on the link in the simulated phishing e-mail:

  • you will receive a 30 - 60 second informational video or graphic
  • there is No Penalty for not detecting the phishing e-mail
  • The purpose of this e-mail is only to educate College employees on how to detect the tricks and dangers of phishing e-mails.