We've all received an email at one time or another that boasted some outrageous claim; "You've Won! Click to claim your prize!" or "The IRS needs more information," the list goes on. Emails such as these are referred to in the cybersecurity world as "phishing attempts."
While these obvious over-the-top emails continue to exist, cybercriminals have become smarter and savvier. They are employing social engineering tactics to persuade people into providing important information such as passwords, credit card information, and social security numbers in less obvious ways. The days of royalty promising big payouts in exchange for bank information has been replaced with cybercriminals posing as your bank to obtain the information they seek. Not only are scam emails becoming less recognizable, but social media and phones are now being utilized by cybercriminals as well.
With the amount of important information that is stored on computers, internet services, and websites, it is no wonder that the cyber world is one of the most common places we see criminal behavior. Being educated on these behaviors is the first step in outsmarting cybercriminals and keeping your information safe. The following is a list of phishing tips and facts distributed by EDUCAUSE, a nonprofit association whose mission is to advance higher education through the use of information technology. Familiarizing yourself with these tips will give you the knowledge necessary to combat a potential attack.
- Phishing isn't relegated to just e-mail! Cybercriminals will also launch phishing attacks through phone calls, text messages, or other online messaging applications. Don't know the sender or caller? Seem too good to be true? It's probably a phishing attack.
- Know the signs. Does the e-mail contain a vague salutation, spelling or grammatical errors, an urgent request, and/or an offer that seems impossibly good? Click the "Report Phish" button.
- Verify the sender. Check the sender's e-mail address to make sure it's legitimate. If it appears that Seton Hall's service desk is asking you to click on a link to increase your mailbox quota, but the sender is "email@example.com," it's a phishing message.
- Don't be duped by aesthetics. Phishing e-mails often contain convincing logos, links to actual company websites, legitimate phone numbers, and e-mail signatures of actual employees. However, if the message is urging you to take action — especially action such as sending sensitive information, clicking on a link, or downloading an attachment — exercise caution and look for other telltale signs of phishing attacks. Don't hesitate to contact the company directly; they can verify legitimacy and may not even be aware that their name is being used for fraud.
- Never, ever share your password. Did we say never? Yup, we mean never. Your password is the key to your identity, your data, and your classmates' and colleagues' data. It is for your eyes only. Seton Hall's service desk or IT department will never ask you for your password.
- Avoid opening links and attachments from unknown senders. Get into the habit of typing known URLs into your browser. Don't open attachments unless you’re expecting a file from someone. Give them a call if you're suspicious.
- When you're not sure, call to verify. Let's say you receive an e-mail claiming to be from someone you know — a friend, colleague, or even the president of Seton Hall University. Cybercriminals often spoof addresses to convince you, then request that you perform an action such as transfer funds or provide sensitive information. If something seems off about the e-mail, call them at a known number listed in your Seton Hall directory to confirm the request.
- Don't talk to strangers! Receive a call from someone you don't know? Are they asking you to provide information or making odd requests? Hang up the phone and report it to the service desk.
- Don't be tempted by abandoned flash drives. Cybercriminals may leave flash drives lying around for victims to pick up and insert, thereby unknowingly installing malware on their computers. You might be tempted to insert a flash drive only to find out the rightful owner, but be wary — it could be a trap.
Remember, cybersecurity and phishing concerns everybody. By using the techniques above you are not only protecting yourself but Seton Hall University from becoming victims of a cyber attack. Remember, think before you click!
Categories: Science and Technology