Protecting against Phishing and Spam attacks - Your role in Cyber Security

You play a critical role in the defense against malware and phishing emails.

StFX users often receive spam and phishing emails. These messages often contain, but are not limited to, fake notices regarding account closures/upgrades, package/file delivery, order status or financial transactions. Some messages contain an attachment with an infected file or a link to a malicious website, and many are crafted to look like official StFX notices.

These messages are intended to infect your computer with malware or capture your password.

You are at risk

  • Your identity could be compromised
  • Your email account could be used to send spam and phishing messages
  • Your contact list could be exposed, placing your friends, family and colleagues at risk
  • Your email and files could be exposed; any personal or sensitive information you have stored in your accounts will be accessible
  • Your email and account will be temporarily disabled

What can you do?

Report Spam and Phishing Attempts to Microsoft

It's easier than you think. Reporting a message as spam is only a click away in your Outlook mail client. Reporting messages to Microsoft helps increase the effectiveness of their spam filters, which will benefit all of us.

Outlook Client

Outlook Online (office365.stfx.ca)

 

Don’t Get Hooked - Tips for Identifying spam/phishing messages

Listed below are some tips and tricks for identifying spam and phishing messages.

Identifying the threat

Phishing: In this type of attack, hackers impersonate a real company to obtain your login credentials. You may receive an e-mail asking you to verify your account details with a link that takes you to an impostor login screen that delivers your information directly to the attackers.

Spear Phishing: Spear phishing is a more sophisticated phishing attack that includes customized information that makes the attacker seem like a legitimate source. They may use your name and phone number and refer to StFX in the e-mail to trick you into thinking they have a connection to you, making you more likely to click a link or attachment that they provide.

Whaling: Whaling is a popular ploy aimed at getting you to transfer money or send sensitive information to an attacker via email by impersonating a real company executive. These messages use a fake domain that appears similar to ours, so they look like normal emails from a high-level official of the company, typically the CEO or CFO, and they ask you for sensitive information (including usernames and passwords).

Shared Document Phishing: You may receive an e-mail that appears to come from file-sharing sites like Dropbox or Google Drive alerting you that a document has been shared with you. The link provided in these e-mails will take you to a fake login page that mimics the real login page and will steal your account credentials.

 

Think Before You Click

The most common attacks are through email. Often, scammers will include malicious links or attachments in emails that look harmless. To avoid this trap, please observe the following email best practices:

  • Do not click on links or attachments from senders that you do not recognize. Be especially wary of .zip or other compressed or executable file types.
  • Do not provide sensitive personal information (like usernames and passwords) over email.
  • Watch for email senders that use suspicious or misleading domain names.
  • Be especially cautious when opening attachments or clicking links if you receive an email containing a warning banner indicating that it originated from an external source.
  • Do not try to open any shared document that you’re not expecting to receive.

More tips and tricks are linked in the Files section of this article.

Details

Article ID: 43732
Created: Thu 12/7/17 11:51 AM
Modified: Fri 11/1/19 9:13 AM

Files (2)