Email sent by Rene Thatcher on October 18th 2022. Written by Josh Dsouza, Marissa Foster, Emileen Garvin, and Rene Thatcher.
Tuesday Tip #3 - Recognize and Report Phishing: If a link or email looks phishy, think before you act. It could be an attempt to get sensitive information or install malware.
Cybercrime is a lucrative business and colleges are big targets for malicious attacks. Voice calls, text, apps, email, social media, and websites can all be used by hackers to trick you into providing personal information or credentials. Attackers can then use this information to gain access to other systems within your organization, including those that could have sensitive data. These malicious messages should be deleted immediately. Please see our tips below to know what to look out for, how to confirm a communication is legitimate, and the best ways to prevent an attack.
What to look out for:
- Is there a caution banner on the top of the message indicating it is from off campus?
- If you were NOT expecting something from the sender...
- Call or text them at a known number
- Send a separate email to the sender asking about its legitimacy
- Be especially wary of links or attachments
- Just like snail mail, anyone can send a letter/email claiming to be someone else such as Kate Morris or Brenda Papineau, USE cautionbefore responding or giving out personal information
- What is the reply to address, is it legitimate and check for a caution banner
- PAUSE, THESE MESSAGES ARE MEANT TO PANIC YOU
- They are written with urgency to rush you into making a bad decision
- Email me directly with the word PAUSE and the twenty first person will receive a gift card
How to confirm legitimacy
- Google the subject line and see if it is a known malicious message
- If it sounds too good to be true, it probably is
- Check to see if IT has sent an alert to campus about malicious activity
- Verify the email sender
- Look for grammatic errors or spelling errors
- Prevention
- Enable Multi Factor Authentication (MFA) when possible
- Be very careful when clicking on links, always, always
- Make sure to use long passwords and different passwords for every account
- Use a password manager
- Do your updates on all your devices, most often those updates are security patches
- Delete old accounts from sites and apps you no longer use
- Check your credit report regularly
If you believe you have been phished/compromised, please do the following :
- Change your password immediately
- Check your sent folder for any suspicious messages
- Forward the message to phishing@stlawu.edu or delete it and empty your trash