Posted 09/07/2018Submitted by Gregory FreidlineCategory: Campus Announcements, Student Announcements
In an effort to further enhance our University’s cyber defenses, we want to highlight a common cyber-attack that everyone should be aware of – phishing.
"Phishing" is the most common type of cyber attack that affects organizations like ours. Phishing attacks can take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information, gift card information or bank account details.
Although we maintain controls to help protect our networks and computers from cyber threats, we rely on you to be our first line of defense. Everyone makes a difference when it comes to cyber security.
We’ve outlined a few different types of phishing attacks to watch out for:
Phishing: In this type of attack, hackers impersonate a real company to obtain your login credentials. You may receive an e-mail asking you to verify your account details with a link that takes you to an imposter login screen that delivers your information directly to the attackers.
Whaling (aka CEO Fraud): Whaling is a popular ploy aimed at getting you to transfer money or send sensitive information to an attacker via email by impersonating a real company executive. Using a fake domain that appears similar to ours, they look like normal emails from a high-level official of the company and ask you for sensitive information. Recently campus has seen this attack using a request for gift cards or cash. Please contact OTS or Public Safety if you suspect this type of Phishing.
Shared Document Phishing: You may receive an e-mail that appears to come from file-sharing sites like Dropbox or Google Drive alerting you that a document has been shared with you. The link provided in these e-mails will take you to a fake login page that mimics the real login page and will steal your account credentials.
What You Can Do
To avoid these phishing schemes, please observe the following email best practices:
Do not click on links or attachments from senders that you do not recognize.
Do not provide sensitive personal information (like usernames and passwords).
Watch for email senders that use suspicious or misleading domain names.
Do not try to open any shared document that you’re not expecting to receive.