Understanding and Protecting Yourself from “Phishing” Attacks

October 21, 2021

As part of our continuing observance of National Cybersecurity Awareness Month, we thought it was crucial for our students, staff, and faculty to understand the concept of phishing and ways to defend against phishing attacks. Learn from our Assistant Cyber Professor Dr. Kellep Charles about how to keep safe online.

Criminals and hackers have elevated their sophistication in creating phony but authentic-looking emails that seem to have originated from legitimate organizations. If you receive an email that you believe to be a phishing attempt, do not reply to it, since doing so would just confirm that the email address is correct. For those not aware of the term, “phishing” (pronounced “fishing”) is a type of online identity theft that uses email and fake websites designed to steal your personal data or information. You may have seen these types of emails show up in your inbox.

If you happen to receive such an email at work or school, your best course of action is to submit it as an attachment (do not forward the email because you could potentially spread the infection) to your IT/security department, or simply delete it. If you receive phishing emails while at home, you should either delete them or forward them to the Federal Trade Commission (FTC) at spam@uce.gov so they can add them to their database.

So how do you identify phishing emails? In Cap Tech's recent presentation on phishing, Richard Greenberg provided the following keys:

1. The message is sent from a public email domain like Gmail or Hotmail.

2. The domain name is misspelled. For example, instead of paypal.com you will see payapl.com.

3. The email is poorly written, and it will contain poor spelling and grammar.

4. It will include suspicious attachments or links.

5. The message creates a sense of urgency, telling you to act now or else.
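The keys above can also be checked mechanically by a mail filter. The following Python sketch is an added example, not part of the presentation or of this article; it covers keys 1, 2, 4 (links only) and 5, and its domain lists, urgency phrases, and function names are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Assumed lists for illustration; replace with the domains your organization uses.
PUBLIC_DOMAINS = {"gmail.com", "hotmail.com"}
TRUSTED_DOMAINS = {"paypal.com"}
URGENCY = re.compile(r"\b(act now|immediately|urgent|will be closed)\b", re.I)
LINK = re.compile(r"https?://([^/\s\"'>]+)", re.I)

def edit_distance(a, b):
    """Edit distance in which swapping two adjacent letters counts as one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def lookalike(domain):
    """Return the trusted domain that `domain` closely imitates, or None."""
    for good in TRUSTED_DOMAINS:
        genuine = domain == good or domain.endswith("." + good)
        if not genuine and edit_distance(domain, good) <= 2:
            return good
    return None

def phishing_indicators(raw):
    """List which of the keys above a raw email message matches."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    found = []
    if sender in PUBLIC_DOMAINS:
        found.append("public email domain")
    if lookalike(sender):
        found.append("misspelled sender domain")
    if any(lookalike(host.lower()) for host in LINK.findall(body)):
        found.append("misspelled link domain")
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        found.append("urgency")
    return found

# Constructed sample message, not a real email.
SAMPLE = ("From: PayPal Support <service@payapl.com>\n"
          "Subject: Act now or your account will be closed\n\n"
          "Verify your details at http://payapl.com/login today.\n")
print(phishing_indicators(SAMPLE))
```

A match is a reason to look more closely, not proof of phishing; the spelling check only recognizes imitations of domains you have listed as trusted.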

Here are additional tips to avoid becoming a victim to a phishing attack:

· At home, use trusted security software and set it to update automatically.

· Don’t email personal or financial information.

· Do not access the Internet by selecting links in emails or pop-up messages.

· View all email in plain text.

· Contact the sender using a known and/or published telephone number.

· Type the web address or use your own bookmark.

· Delete email that asks you to confirm or provide personal information (credit card and bank account numbers, Social Security numbers, passwords, etc.).

· Never respond to email messages that threaten to close your account or take other action if you don’t respond.

Other forms of phishing, such as “spear phishing” and “whaling,” to name a few, have also been on the rise. Spear phishing is more targeted towards an individual. The hacker will send a single customized email to the target containing personal information, such as a name or some other tidbit of information about employment, to trick them into replying or accessing a link. “Whaling” is a specific form of spear phishing that targets upper managers of private companies and school administrators.

The best way to protect yourself from the various phishing attacks is to learn how to recognize phishing attempts. We hope this information has helped you.