Protect Yourself from Phishing Scams
What is Phishing?
Phishing is a type of fraudulent email message that appears to come from a legitimate source but is actually sent by someone with malicious intent. The message usually contains web-links which direct you to a spoofed website or otherwise attempt to trick you into divulging private information such as your password, social security number or other sensitive data. The perpetrators then use this private information to commit crimes.
Recognizing Phishing
Phishing scams rely on wording aimed at inducing a sense of urgency, usually to click on a link in order to take urgent and supposedly necessary action. The ‘From’ address might even be spoofed to appear as though the message is coming from someone you know or from someone at Beacon. Web-links will either use action phrases (such as ‘Click Here’) or be spoofed to appear as though they will direct you to a legitimate website when in fact they will take you to a malicious website.
Common elements of Phishing are:
- URGENCY – “Prevent something bad from happening, do this now.”
- Message FROM an authoritative source – “Your computer department.”
- Follow this link to take immediate action – [Click Here].
- Enter SENSITIVE data – ‘Password’, SSN, Account #.
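The common elements listed above can also be checked mechanically. The Python code below is an added example, not part of the original page or any Beacon tooling: it flags links whose visible address differs from the real destination, action-phrase links, urgent wording and requests for sensitive data. The word lists and the sample message are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed word lists (assumptions); only 'Click Here' is quoted from the page.
ACTION_PHRASES = {"click here", "verify now", "sign in"}
TEXT_SIGNS = {
    "urgent wording": re.compile(r"\b(urgent|immediately|right away|do this now)\b"),
    "asks for sensitive data": re.compile(r"\b(password|ssn|social security|account number)\b"),
}

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):  # hostname of an http(s) URL, else None
    parsed = urlparse(value.strip())
    return parsed.hostname if parsed.scheme in ("http", "https") else None

def review_email(html_body):
    """Return the warning signs found in an HTML email body."""
    findings, parser = [], LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        shown, actual = host_of(text), host_of(href)
        if shown and actual and shown != actual:
            findings.append(f"link text shows {shown} but goes to {actual}")
        elif text.lower() in ACTION_PHRASES:
            findings.append(f"action-phrase link '{text}' goes to {actual}")
    plain = re.sub(r"<[^>]+>", " ", html_body).lower()  # drop tags so hrefs are not scanned
    findings += [label for label, rx in TEXT_SIGNS.items() if rx.search(plain)]
    return findings

# Constructed sample message using reserved example domains.
SAMPLE = ('<p>Your mailbox will be disabled today. Act immediately.</p><p>Sign in at '
          '<a href="http://portal.example.net/login">https://portal.example.org</a> or '
          '<a href="http://portal.example.net/reset">Click Here</a> and enter your password.</p>')
print("\n".join(review_email(SAMPLE)))
```

An empty result does not mean a message is safe; the check only covers the signs listed above.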
Recognizing Spear Phishing
Spear Phishing is a type of Phishing where the sender has taken extra steps to make the email appear legitimate. Such a scam would appear to come from someone within Beacon. It may contain Beacon trademarks or logos, use the name and email address of someone in authority at Beacon, and perhaps even use Beacon terminology. Remember, the end game will be to try to trick you into following a web-link. Usually, everything will appear legit at first glance, but often critical scrutiny will reveal signs that it too is a scam.
Remember – Information Systems will NEVER ask you to follow a link in an email which requires that you enter your password.
Web-link Gotchas.
Not all maliciousness occurs by simply tricking you into providing data. Just by following a web-link you will likely expose your computer to software exploit attempts which may result in a compromised computing device or network account. While anti-virus software offers some protection, many types of vulnerabilities can be exploited without so much as a faint sign that anything malicious took place. In fact, unless you receive email in plain text, some malicious scripting can run on your computer just by opening the email.
What to do if you receive a Phishing email.
1. The best thing to do is simply to delete a Phishing email without opening it.
2. If you open an email and believe that it may be Phishing, check with the person/entity it was supposedly sent from to see if it is legit.
3. If you did click on the link in an email using a computing device with access to Beacon systems, immediately contact the Help Desk and let them know that you followed the link in a Phishing email. It is of critical importance that you also let them know if you provided any information on the website.
The Help Desk staff and information security staff are trained in taking the appropriate steps to protect Beacon and you from potential harm. Contact the Help Desk regardless of what time of day it is.
4. Per policy, should you ever disclose your Beacon password to someone else, it is of critical importance that you change your password as quickly as possible. Additionally, by contacting the Help Desk you will be adhering to policy AND be assured that all necessary steps will be taken.