Happy Holidays from Phishing Scams

Phishing is word that strikes fear in the heart of anyone concerned with cybersecurity (which should be everyone). These scams increase in frequency over the holiday season, since people are busier and less likely to carefully inspect a message to verify its legitimacy. What are the tell-tale signs of a phishing attack? 

Phishing is more than just email. Hackers may try to attack via phone call, text message, or other messaging systems too. If you don’t know who’s contacting you, or the offer seems too good to be true, stay safe and don’t respond to the bait. 

Remember the telltale signs of phishing. Does that email contain copious grammatical errors, a vague introduction that doesn’t mention your name, or an urgent message that’s scary? Does it contain an offer that seems too good to be true, or ask you to verify your password? It’s probably phishing. 

Check who sent the message. Is their email address something like universityhelpdesk@ymail.com? Or does it have an unknown domain name that doesn’t seem at all related to the place that they’re claiming to contact you from? 

Don’t be convinced because it “looks official.” Scammers are getting better and better at making a phishing attack appear to be legitimate by using real company logos and contact information. Even if an email looks like it’s real aesthetically, look carefully for signs of phishing in the actual content. Don’t react emotionally, even if the message looks scary. This is the response that the hackers want! 

Never reveal your password. Never. A message asking you to verify your password is almost certainly malicious. Remember, ITS will never ask for your password! 

Don’t open links or attachments. If the message seems to be even the faintest bit suspicious, do not open any attached links or files. This is how hackers install malware on your computer. 

When in doubt, contact and verify. Contact the person or company that the message claims to be from, be it a friend, coworker, or even a company that you regularly shop at. 

Don’t talk to strangers! That old childhood rule still applies. If you don’t know who’s calling or messaging you, be cautious. If they’re asking for personal information or making odd requests, hang up that phone and don’t do what they say. 

Don’t pick up abandoned flash drives. Cybercriminals sometimes leave flash drives with malware on them for unsuspecting victims to pick up and plug into their computer, unknowingly installing malicious programs. 

Report possible phishing to ITS. Do you think you’ve received a phishing email? Report it using the Phish Alert ButtonIf you think you may have clicked on a link that you shouldn’t have or given someone your personal information, contact the Help Desk at ex.3333 or helpdesk@etown.edu. 

  

Adapted from http://er.educause.edu/blogs/2016/11/february-2017-learn-what-it-takes-to-refuse-the-phishing-bait