By Joey Rego
Associate Director of Information Security
Technology has become a way of life and has made our lives easier—for the most part. But there are plenty of pitfalls if you aren’t careful. Don’t fall victim to phishing emails! Know what phishing is, learn a few techniques to identify phishing emails and contact IT if you have any questions.
Phishing emails can be pretty nasty attacks and clicking on hyperlinks in those emails can take you down a destructive path. Phishing attacks could affect not only university data and information but also your own personal information and data. We can’t stress enough the importance of being more aware of what websites you are accessing and what hyperlinks you are clicking on. The repercussions can be pretty significant.
Key things to look out for:
• Spelling and bad grammar: Cybercriminals are not known for their grammar and spelling. Professional companies or organizations usually have a staff of copy editors that will not allow a mass email with errors to go out to its users. If you notice mistakes in an email, it might be a scam. For more information, see Email and web scams: How to help protect yourself.
• Links in email: If you see a link in a suspicious email message, do not click on it. Rest your mouse (but do not click) on the link to see if the address matches the link that was typed in the message. .Links might also lead you to .exe files. These kinds of file are known to spread malicious software.
• The sender: Does it make sense that the person sending you an email to a finance document has no affiliation with the finance department?
• Threats: Have you ever received a threat that your account would be closed if you didn't respond to an email message? Cybercriminals often use threats that your security has been compromised. For more information, see Watch out for fake alerts.
• Spoofing popular websites or companies: Scam artists use graphics in emails that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows. For more information, see Avoid scams that use the Microsoft name fraudulently.
• Web addresses: Cybercriminals also use web addresses that resemble the names of well-known companies but are slightly altered. For more information, see Protect yourself from cybersquatting and fake web addresses.
For a more detailed description and examples of phishing and how to protect yourself, see the full article on phishing.
Report phishing emails using the Proofpoint Unwanted Email Plugin in Outlook. Contact IT at ext. 7979 if you don’t have this plugin.