Friday, August 17, 2018

Don't Play the Phishing Game!

Over the last few weeks, ESU has experienced a variety of widespread phishing scams. While some of them may have looked different than others, they all had one thing in common - they wanted you to give up your valuable information, such as your username and password.

Let's talk about the concept of phishing for a minute, so you don't play the phishing game!

Phishing attacks use email or malicious websites to collect personal (username, password…) and financial information (credit card number…) or infect your machine with malware and viruses. Many times, these attacks begin with a cybercriminal sending a message pretending to be from someone or something you know, e.g. a friend, your bank, PayPal etc.

Spear phishing scams are highly specialized attacks against a specific target or small group of targets to collect information or gain access to systems. For example, a cybercriminal may launch a spear phishing attack against a business to gain credentials to access a list of customers. In our case, cybercriminals pretend to be someone from the University you know, to make you more likely to trust the message.

Phishing and other scams are not limited to just email. They are also prevalent on social networking sites. The same rules apply on social networks: When in doubt, throw it out. This rule applies to links in online ads, status updates, tweets and other posts.

How you can recognize a phishing email:
  • Check the email address. If the email appears to come from a legitimate organization, for example our University, but the FROM address is someone's personal account such as @hotmail.com, this is most likely a phishing scam.
  • Does the email address you by your name or something generic such as "Dear Customer"? If a trusted organization has a need to contact you, they should know your name.
  • Watch for grammar and spelling errors.
  • Phishing emails often call for "immediate action" or create a sense of urgency in other ways. Scammers are using this as a technique to rush you into making a mistake.
  • Be careful with links and only open the ones you are expecting. Also, hover your mouse over the link and see if the destination matches what you are expecting. Similarly, only open attachments you are expecting.
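
The sender-address check and the link-destination check from the list above can also be run mechanically against a message's headers and HTML. The following is an added example, not part of the original post; the organization name, its domain, the `phishing_signs` helper and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_NAME, ORG_DOMAIN = "Example University", "university.example"  # assumed values

SAMPLE = (  # constructed message, not a real one
    'From: "Example University Help Desk" <helpdesk.example@hotmail.com>\n'
    "Subject: Mailbox quota\nContent-Type: text/html\n\n"
    '<p>Dear Customer, <a href="http://portal-example.test/login">'
    "https://portal.university.example/login</a></p>\n"
)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) per <a>: what you read vs. what hovering shows."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def phishing_signs(raw):
    """Return the checklist items a single-part HTML message trips."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    ours = domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)
    signs = []
    if ORG_NAME.lower() in display.lower() and not ours:
        signs.append("from-domain")    # claims to be us, sent from elsewhere
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for text, href in collector.links:  # text names one site, href another
        if re.match(r"(https?://|www\.)", text, re.I) and host(text) != host(href):
            signs.append("link-mismatch")
    return signs
```

A link whose visible text is not itself a web address (for example "click here") is not flagged by this sketch, so hovering over it remains a manual check.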

How you can avoid phishing scams:
  • Don't reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in emails.
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company or person directly. Contact the company using information provided on an account statement or other document, not information provided in an email. Alternatively, contact the IT Help Desk to learn about known phishing scams.
  • Keep a clean machine. Having the latest operating system, software, web browsers, anti-virus protection and apps is the best defense against viruses, malware, and other online threats.

If you think you may have been scammed, contact the IT Help Desk immediately!