Phishing

 

As society continues to integrate with technology, we have more opportunities to reach each other than ever before. Communication across the world has never been easier, now that we can communicate through email, phone, and other messaging systems. While this freedom of communication is generally a positive thing, there are some in the world who would use these forms of communication to take advantage of others. It is important for everyone to be aware of these dangers and to know how to combat them no matter what their position is at our institution. The goal of this article is to teach you how phishing works and how to guard against it. 

 

 

The term phishing arose in the 1990s with the birth of email communications. It is defined as the act of trying to bait someone into giving up their private information through email. Imagine a fisherman disguising a hook with bait in an attempt to lure in a fish. An unfortunate fish mistakes the hook for an insect and is caught when it tries to eat it. The process of phishing follows a similar pattern.

 

The Bait

 

When a fisherman is choosing what fly or lure to use, he usually thinks first about the fish he wants to catch. He chooses the bait that most resembles the fish’s preferred prey. If a hacker targets your email for a phishing attack, they will have the same mindset. They want to send you a realistic-looking email about something that you might expect in your inbox. They want to blend in with the other promotional materials you might be receiving from companies’ email lists. They may create fake email accounts with names that match the content of the email. They will speak as if they are part of the company they are trying to impersonate and present you with realistic-looking information. They might offer special deals, or pretend to be someone you know. We will discuss how to identify the holes in their disguise shortly.

 

The Hook

 

When a fish mistakes the lure for an insect, it bites on the line. The hook catches in its mouth and it can no longer swim away. A phishing email always has something within it that tries to take something from you. This comes in a variety of forms. Sometimes it reroutes you to a false login page with the intent to steal your login and password. Other times it invites you to open an attachment. The sender might also be angling for a reply that will supply them with more information about you. All of these invitations are dangerous and should be treated with extreme caution. If you click on them you will be putting your device and the school’s network at risk. In the worst-case scenario, ransomware can be installed on your device: a program that locks your files behind encryption and threatens to destroy them if you do not pay the hacker to release them. A hacker could also use your login information to access other accounts if you unwittingly give it to them.

 

The Catch

 

When the fish is on the line, some damage has been done, but it isn’t over yet. To protect against the negative effects of a cyber attack, regularly update your device and the apps you use to the most recent version. On university-owned computers, the IT department will also install malware protection that will prevent some attacks from causing damage. These programs will be able to spot and block some malware files as they are downloaded onto your device. Most importantly, always back up your device so that you can restore it if necessary. If you believe that you have been a victim of a phishing attack, please put in a ticket with the IT office immediately. If you think your password has been compromised, you can reset it using our password reset guide. If there is ransomware on your device, do not cooperate with the hacker. There is no guarantee that they will give you back your files even if you comply with their requests.

 

How to Spot Phishing Attempts

 

Now that we have talked about the dangers of phishing emails and what they can do to your computer, it is time to learn how these emails or messages might look. There are three major identifiers to keep in mind when you’re trying to spot phishing emails:

 

1. Email Address

The email address of the sender will likely be outside of the organization they claim to be a part of. They also might present themselves with a name that is unfamiliar to you or adopt a title that they think you will trust (like Doctor or Professor).

2. Misspellings

Most large corporations maintain their legitimacy by presenting their brand in the best way possible. All of their emails, especially recurring notices or official announcements, are thoroughly spell-checked. Hackers rarely have the benefit of a large team to catch their spelling mistakes. Misspellings in the email address, subject line, or body of the message are signs that the message may be a phishing attempt.

3. A Sense of Urgency

Hackers don’t want to give you the time to recognize that their email is a phish. They will try to pretend that their offer/notice/message is in immediate need of your attention. When you see a message that says it is urgent, slow down and analyze whether or not the sender is making a legitimate claim.

 

Using the Phish Alert Button

 

Since phishing is such a common threat for staff and faculty to face, Southern Virginia University emails come equipped with a Gmail extension called the “Phish Alert Button.” This extension allows you to remove an email from your inbox and send it immediately to your IT department for inspection if you suspect it to be a phishing email. Do not use this button for ordinary spam or marketing emails.




Image source: KnowBe4’s Phish Alert Button Official Information Page. 


The Phish Alert button can be accessed in 3 ways. It will appear as an option while you are viewing the email, you can select the button while the suspicious email is selected in your inbox view, or you can use the drop-down menu on the top-right of the screen. It is shaped like a red fish hook. If you are having difficulty finding the Phish Alert button, try logging into your Gmail through the browser site on Safari.


If you are trying to enable this feature for Outlook, please follow these instructions.

 

Thank you for reading this article on phishing. If you would like to know more about how to protect yourself against cyber attacks, please set an appointment to speak with us in the IT office.