University of Southern Indiana

Phish Tank

What is Phishing?

Phishing is a social-engineering attack that uses email or malicious websites (clicking on a link) to steal personal and financial information or infect your machine with malware and viruses.  The cybercriminal may email, call, offer a website, or all three to steal your personal information.

What can a cybercriminal do with my email account?

We have seen instances where the criminal has dumped everything in the compromised mailbox.  The criminal will proceed to use special tools to extract contacts, email addresses (people you have emailed), and anything that could be of any value.

What Value?:  Social Security Numbers, birth dates, addresses, Driver’s license numbers, passport numbers, bank accounts, credit/debit card numbers, retirement fund accounts, ebay, Paypal, Amazon, employee flex benefit account and Health Savings Account (HSA) numbers. 

The criminal will use the info that they glean to access other accounts – hoping that you use the same password on multiple sites.  We have seen money lost, lives destroyed.

Use different accounts/passwords on different sites.  Do not KEEP or SEND any confidential information via email.  You don’t know if the recipient will delete your information, or if their machine has a virus.  You lose all control when confidential information is given via email.

If we haven’t scared you already – there is always the possibility that someone is “sniffing” the wire/air where you are passing email.  This person doesn’t have to be a sender OR recipient to glean unencrypted data.

Use the links on the left to see archived Phishing messages that have been reported, and tips to recognize a Phishing email message.

Contact Information Technology


Send Email to