Many phishing scams attempt to obtain your personal information by providing links to sites that look legitimate but are, in reality, spoofed pages designed to capture your credentials or load malware onto your machine. Such messages often use a technique called URL redirection, which involves hiding the destination URL with a friendly or legitimate display URL.
To avoid falling for one of these scams, ITS recommends that you hover your mouse over a link to view the destination URL. The destination URL will appear either in the status bar at the bottom of the browser window or in a pop-up window near your cursor, depending on your browser or email client. (If you hover your mouse over this link, you will see that it directs you to the USC homepage, www.usc.edu.)
If a destination URL does not seem to pair with the contents of the email message (for example, if a link to reset your USC password leads to any domain other than usc.edu) or if you cannot determine what the destination URL is, avoid clicking the link. The best way to avoid malicious URL redirection is to avoid clicking links in unsolicited emails, even those appearing to be from legitimate sources.
Note that while hovering over a link will show the destination URL in most cases, it is possible for sophisticated scammers to hide the true destination URL in other ways. For this reason, consider hovering over links to be just one tool for protecting yourself online. If in doubt, open a new browser window and manually type in the address of the site referenced in the email.
If you think you may have been victimized by a phishing scheme, change your password as soon as possible. To change your USCpassword, type the URL of USC’s myPassword page (“https://mypassword.usc.edu“) directly into your web browser or go to the ITS website at www.usc.edu/its and click the Change USC Password icon.
For more information, see ITS’s About Phishing page.