Phishing emails are emails designed get you to compromise your account by a cybercriminal by requesting you to not only to provide your user name, password or other sensitive data, but can also be used as a way to compromise your system. The emails attack can appear to come from external companies or from internal sources with a company email. They often have a sense of urgency or can make promises such as giving a raise, a promotion etc. Often times the emails can be identified by incorrect spelling or grammar. Phishing attacks can also contain malware such as ransomware that will encrypt your data until you pay, install software to take over your machine, erase all data from or they may simply download malicious code to steal data from your computer. When in doubt throw it out. If you have any questions about an email you may have received, please contact Informationsecurity@pvamu.edu
For more information on phishing please click here (SANS Ouch newsletter on phishing)
Most users have encountered some form of a phishing attack. They are generic and can be sent to anyone and often times it comes you know or a bank however it does not address you directly. They are often urgent sounding in nature and will seek you to enter information and in order to seal user names and passwords. Often times phishing attacks can be easy to spot but what about spear phishing. Spear phishing emails are more sophisticated and can appear to come from a friend, a boss, a coworker or a company you are familiar with. Often times the cyber criminals will use social engineering to learn as much about you as they can before they launch an attack. They seek to gather as much information as they can for their benefit or as a way to bring you down. To combat spear phishing careful of the type of data you post about yourself. If possible do not post your place of employment or job title on a social networking site. Be wary of any unexpected emails particularly if they contain a link or attachment. Confirm with your family, friends, coworkers or boss any urgent request for information PII or confidential information, especially if they already have access to it.
For more information on Spear phishing please click here (Ouch newsletter on spear phishing)
You are a target. Cyber criminals will often try to compromise you in different ways. They will attempt to steal your personal information and compromise your identity. They will attempt to steal your information to access your bank accounts and other areas where secure data is stored. They will also seek to impersonate you by hacking your social media accounts, gathering contacts from your email or cell phone and install malicious software. Even if it seems that your computer is ok, be aware that your computer can be used in an attack on another person or company. They can also attempt to black mail you with photos taken by your cell phone, your computer or your web browser history. To protect yourself, ensure that your computer is up to date, you have anti-virus and anti-malware installed that is up-to-date and scans regularly, do not click links within emails from people that you are not familiar with (be careful with from people that you know), be careful of the websites that you visit.
For more information on email do’s and don’t please click here (Ouch news letters on securing yourself and email do’s and don’t)
If you have any suspicious email please feel free to contact us at firstname.lastname@example.org
Reporting a phishing scam in Microsoft Outlook Desktop Client
- Select the suspicious email in your inbox
- Press Control-Alt-F to create a a new email with the suspicious email as an attachment.
- Send the email.