What is a phishing message?
Per the Computer Security Resource Center: "[Phishing is] a digital form of social engineering that uses authentic-looking—but bogus—e-mails to request information from users or direct them to a fake Web site that requests information." This is a form of cybercrime intended to steal user information, including passwords, addresses, credit card info, etc. Voice calls, text, apps, email, social media, and websites can all be used by hackers to trick you into providing personal information or credentials. Attackers can then use this information to gain access to other systems within your organization, including those that could have sensitive data. These malicious messages should be deleted immediately.
What are the signs of a phishing message?
It's important to remember that any message, particularly an email, could be a phishing message, even if it appears to be from someone you know or trust. Most phishing messages are designed to exploit your trust in individuals or companies, and can take many forms:
- Messages from companies or banks that suddenly announce an interruption of service.
- Unannounced emails from sites like OneDrive stating that a file has been shared with you.
- A friend or family member stating they are in a dire emergency and asking you to send money.
- Job opportunities that seem "too good to be true", often citing a large amount of money for little work.
Things to look out for when you receive any message
- Is there a caution banner on the top of the message indicating it is from off campus?
- Instead of clicking on links from companies, Google their official page and access it from there.
- If you were NOT expecting something from the sender...
  - Call or text them at a known number
  - Send a separate email to the sender asking about its legitimacy
- Do not open any attachments you did not expect to receive.
- Just like snail mail, anyone can send a letter/email claiming to be someone else, such as Kate Morris. Use caution before responding or giving out personal information.
- Check the reply-to address: is it legitimate? Also check for a caution banner.
- PAUSE, THESE MESSAGES ARE MEANT TO PANIC YOU
  - They are written with urgency to rush you into making a bad decision.
How to confirm if a message is legitimate
- Google the subject line and see if it is a known malicious message
- If it sounds too good to be true, it probably is
- Check to see if IT has sent an alert to campus about malicious activity
- Verify the email sender
- Look for grammatical or spelling errors
How to stay safe from phishing attacks
- Enable Multi-Factor Authentication (MFA). For your St. Lawrence account, download the Microsoft Authenticator App.
- Be very careful when clicking on links. Before you click, you can hover over a link to read the internet address of that website. If you do not recognize it or it is spelled incorrectly, don't click it!
- Make sure to use long passwords and different passwords for every account.
- Use a password manager.
- Install updates on all your devices; most often those updates are security patches.
- Delete old accounts from sites and apps you no longer use.
- Check your credit report regularly
What to do if you recognize you have received a phishing message
You can forward any messages you believe are phishing messages to phishing@stlawu.edu. Then delete them from your inbox.
If you believe you are the victim of a phishing attack, St. Lawrence has a guide on what to do in response.