CAB* – Learn What It Takes to Refuse the Phishing Bait! (IT Training Tip)
This week’s IT Training Tip brings National Cyber Security Awareness Month to a close. Going forward, as a Cyber Aware Bobcat, it is important to remain vigilant for cyber attacks and phishing scams, and to protect your online identity, the technology, and the information you have access to at Bates and in your personal life.
Social engineering attacks come in all shapes and sizes, and not just through email. Cybercriminals know the best strategies for gaining access to your personal information and the college’s sensitive data. The following are a few ways to identify various types of social engineering attacks and their telltale signs.
Phishing Isn’t Relegated to Just Email: Cybercriminals will also launch phishing attacks through phone calls, text messages, or other online messaging applications. Don’t know the sender or caller? Seem too good to be true? It’s probably a phishing attack.
Know the Signs: Does the email contain a vague salutation, spelling or grammatical errors, an urgent request, and/or an offer that seems impossibly good? It’s likely a phishing message. Click that delete button!
Verify the Sender: Check the sender’s email address to make sure it’s legitimate. If you received an email message from the “Bates College IT Help Desk” and it’s asking you to click on a link to increase your mailbox quota, but the sender is “UniversityHelpDesk@yahoo.com,” it’s a phishing message. Any message sent from the Bates College IT Help Desk will always originate from “email@example.com,” and a copy is posted to the IT Help Desk’s Announcements web page.
Don’t be Duped by Aesthetics: Phishing emails often contain convincing logos, links to actual company websites, legitimate phone numbers, and email signatures of actual colleagues. However, if the message is urging you to take action, especially action such as sending sensitive information, clicking on a link, or downloading an attachment, exercise caution and look for other telltale signs of phishing attacks. If you are not sure the message is legitimate, don’t hesitate to directly contact the company or individual the email claims to represent; they can verify legitimacy and may not even be aware that their name is being used for fraud.
Never, Ever Share Your Password: Did we say never? Yup, we mean never! Your password is the key to your identity, your data, and the college’s data. It is for your eyes only! Remember that no one, including Information and Library Services Staff, will ever have a legitimate reason to ask for another person’s password, whether in person, on the phone, or via email. If you’ve given away your password or responded to a phishing message with your username and password, you will want to change your password immediately by logging into Password Manager. If you don’t have access to a computer, contact the Bates College IT Help Desk, and they can lock your account until you have access to a computer.
Avoid Opening Links and Attachments From Unknown Senders: Get into the habit of typing known URLs into your browser. Don’t open attachments unless you’re expecting a file from someone. Give them a call if you’re suspicious.
When You’re Not Sure, Call to Verify: Let’s say you receive an email claiming to be from someone you know, such as a colleague. Cybercriminals often spoof addresses to convince you, then request that you perform an action such as transferring funds or providing sensitive information. If something seems off about the email, call the individual at a known number listed in the online directory to confirm the request, or contact the Bates College IT Help Desk.
*CAB – Cyber Aware Bobcat
Adapted with permission from https://er.educause.edu/blogs/2016/11/february-2017-learn-what-it-takes-to-refuse-the-phishing-baits