Help in preventing phishing attacks
Posted by Dan Robinson on 10 February 2017 02:28 PM
Phishing is a technique that involves tricking a user in order to steal confidential or sensitive information, such as passwords. Phishing can come in the form of email messages or posts on social media websites and apps, and most appear to be from a person or business you know.
There are two predominant ways that phishing messages try to take advantage of the user. They often ask the user to reply with sensitive information, or they provide a link to a website that has been compromised and set up to look like a website you do business with or are familiar with.
Request for sensitive information
Phishing messages may seem like they are coming from a person you know. They may even appear to be sent from the same email address but have a reply address that is different from that person's address. When replying to any email, take a moment to make sure the address you are sending to is the same as the sender's. For example, an email may come from Joe Smith (email@example.com), but when you hit reply the email address in the To field becomes Joe Smith (firstname.lastname@example.org). Thus, your email is not being sent to Joe Smith (email@example.com) but rather to Joe Smith (firstname.lastname@example.org).
Request for information through a website link
Some phishing messages include a link that appears to lead to a site you trust with confidential information, but the destination is a mere mimic that offers no confidentiality. Overconfident users can therefore be drawn into attacks that aim to steal personal data.
An easy way to tell if the link is legitimate is to hold your mouse over the link. If the text for the link says amazon.com/myaccount but the text in the tooltip that pops up says amazon.somewherebad.com/myaccount or amzone.com/myaccount, it is not the same site and you should never click on it. In fact, a good rule of thumb is to never click on the link, but rather to open your web browser and navigate to the site through a Google search or by typing the address in yourself, and to do so only for sites or companies you are familiar with.
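The two checks described above (a reply address that differs from the sender, and link text that names a different site than the link's real destination) can also be automated. The following Python sketch is an added example, not part of the original post; the sample message is constructed, and the function names `host_of` and `check_message` are hypothetical.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real email); addresses and hosts are placeholders.
SAMPLE = """\
From: Joe Smith <email@example.com>
Reply-To: Joe Smith <firstname.lastname@example.org>

<p><a href="http://amazon.somewherebad.com/myaccount">amazon.com/myaccount</a>
<a href="https://amazon.com/help">amazon.com/help</a> <a href="https://amzone.com/x">Sign in</a></p>
"""

def host_of(text):  # lowercase host of a URL or URL-looking string, else None
    try:
        host = urlparse(text if "://" in text else "http://" + text).hostname
    except ValueError:
        return None
    return host if host and "." in host and " " not in host else None

class LinkCollector(HTMLParser):  # collects (visible text, href) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or "").strip(), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_message(raw):
    """Warn when Reply-To differs from From, or link text names a different host than its href."""
    msg = email.message_from_string(raw)
    sender, reply_to = (parseaddr(msg.get(h, ""))[1].lower() for h in ("From", "Reply-To"))
    mismatch = reply_to and reply_to != sender
    warnings = [f"reply-to mismatch: {sender} -> {reply_to}"] if mismatch else []
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for text, href in collector.links:
        shown, actual = host_of(text), host_of(href)
        if shown and actual and shown != actual:
            warnings.append(f"link mismatch: shows {shown}, goes to {actual}")
    return warnings
```

Links whose visible text is not itself an address (such as "Sign in") are skipped, because there is nothing to compare the destination against; for those, the hover check on the real address still applies.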
So, what can I do?
It is easy to be tricked, and phishing messages are becoming more and more savvy. When you are asked for any sensitive information or are sent a suspicious message, it is always a good rule of thumb to double check with the user or business from whom the message appears to have come. Give them a call or send them a separate message asking “Hey, did you send this?”
So what if I have to send sensitive data to someone?
The easy answer is don’t. But if you absolutely must, you will want to use an encrypted email service, or put a password on the file you are sending and then call the recipient and give them the password verbally over the phone. Most programs and formats, such as Excel, Word, PDF or zip files, allow you to password protect the file.
Here are 10 tips from phishing.org on how to avoid phishing attacks.
Additional information about phishing can be found at phishing.org.
Beware of phishing emails.
Posted by Matthew on 12 March 2013 02:02 PM
There is a new phishing email going around that looks to be from "Outlook". The message reads,
This and other emails like it attempt to glean personal information (such as your login information) by tricking you into thinking it's coming from a reputable source. DO NOT RESPOND to such emails. If you have already responded, please immediately change your password and contact the help desk for further instructions. Northwestern College will NEVER ask you for your username or password via email!