Protecting against Phishing and Spam attacks - Your role in Cyber Security

You play a critical role in the defense against malware and phishing emails.

Phishing attacks attempt to steal sensitive information through emails, websites, text messages, or other forms of electronic communication that often appear to be official communication from legitimate companies or individuals.

The information that phishers (as the cybercriminals behind phishing attacks are called) attempt to steal can be user names and passwords, credit card details, bank account information, or other credentials. Attackers can then use stolen information for malicious purposes, such as hacking, identity theft, or stealing money directly from bank accounts and credit cards. Phishers can also sell the information in cybercriminal underground marketplaces.

How phishing works

Phishing attacks are scams that often use social engineering bait or lure content. For example, during tax season, bait content involves tax-filing announcements that attempt to lure you into providing your personal information such as your Social Security number or bank account information.

Legitimate-looking communication, usually email, that links to a phishing site is one of the most common methods used in phishing attacks. The phishing site typically mimics sign-in pages that require users to input login credentials and account information. The phishing site then captures the sensitive information as soon as the user provides it, giving attackers access to the information.

Another common phishing technique is the use of emails that direct you to open a malicious attachment, for example a PDF file. The attachment often contains a message asking you to provide login credentials to another site such as email or file sharing websites to open the document. When you access these phishing sites using your login credentials, the attacker now has access to your information and can gain additional personal information about you.

Social engineering attacks are designed to take advantage of a user's possible lapse in decision-making. Be aware and never provide sensitive or personal information through email or unknown websites, or over the phone. Remember, phishing emails are designed to appear legitimate.

These messages are intended to infect your computer with malware or capture your password.

More Information about various forms of Phishing

You are at risk

  • Your identity could be compromised.
  • Your email account could be used to send spam and phishing messages.
  • Your contact list could be exposed, placing your friends, family and colleagues at risk.
  • Your email and files could be exposed. Any personal or sensitive information you have stored in your accounts will be accessible.
  • Your email and account will be temporarily disabled.

What can you do?

Report Spam and Phishing Attempts to Microsoft

It's easier than you think. Reporting a message as spam is only a click away in your Outlook mail client. Reporting messages to Microsoft helps increase the effectiveness of their spam filters, which will benefit all of us.

Outlook Client

Outlook Online (office365.stfx.ca)

Mobile Devices

Don’t Get Hooked - Tips for Identifying spam/phishing messages

Listed below are some tips and tricks for identifying spam and phishing.

Identifying the threat

Phishing: In this type of attack, hackers impersonate a real company to obtain your login credentials. You may receive an e-mail asking you to verify your account details with a link that takes you to an impostor login screen that delivers your information directly to the attackers.

Spear Phishing: Spear phishing is a more sophisticated phishing attack that includes customized information that makes the attacker seem like a legitimate source. They may use your name and phone number and refer to StFX in the e-mail to trick you into thinking they have a connection to you, making you more likely to click a link or attachment that they provide.

Whaling: Whaling is a popular ploy aimed at getting you to transfer money or send sensitive information to an attacker via email by impersonating a real company executive. Using a fake domain that appears similar to ours, they look like normal emails from a high-level official of the company, typically the CEO or CFO, and ask you for sensitive information (including usernames and passwords).

Shared Document Phishing: You may receive an e-mail that appears to come from file-sharing sites like Dropbox or Google Drive alerting you that a document has been shared with you. The link provided in these e-mails will take you to a fake login page that mimics the real login page and will steal your account credentials.

Think Before You Click

The most common attacks are through email. Often, scammers will include malicious links or attachments in emails that look harmless. To avoid this trap, please observe the following email best practices:

  • Do not click on links or attachments from senders that you do not recognize. Be especially wary of .zip or other compressed or executable file types.
  • Do not provide sensitive personal information (like usernames and passwords) over email.
  • Watch for email senders that use suspicious or misleading domain names.
  • Be especially cautious when opening attachments or clicking links if you receive an email containing a warning banner indicating that it originated from an external source.
  • Do not try to open any shared document that you’re not expecting to receive.
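
For mail administrators, the checks in the list above can also be run automatically over a raw message. The following is an added example, not part of the original article or any StFX tooling: the attachment extension list, the 0.8 similarity threshold and the sample message are assumptions made for illustration, and only the stfx.ca domain comes from this page.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "stfx.ca"  # the domain shown on this page (office365.stfx.ca)
RISKY_EXT = (".zip", ".rar", ".7z", ".exe", ".scr", ".js")  # assumed, illustrative list

def is_org(host):
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)

def is_lookalike(host):
    """Not our domain, but contains our name or is a near-miss spelling of it."""
    base = ".".join(host.split(".")[-2:])
    near = SequenceMatcher(None, base, ORG_DOMAIN).ratio() >= 0.8
    return not is_org(host) and (ORG_DOMAIN.split(".")[0] in host or near)

def triage(raw):
    """Return the warning signs from the tips above found in one raw message."""
    msg, findings = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if is_lookalike(sender):
        findings.append(f"lookalike sender domain: {sender}")
    elif not is_org(sender):
        findings.append(f"external sender: {sender}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):  # compressed or executable attachment
            findings.append(f"risky attachment: {name}")
        if part.get_content_maintype() == "text":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            for host in re.findall(r"https?://([^/\s\"'<>:]+)", body):
                if is_lookalike(host.lower()):
                    findings.append(f"link to lookalike host: {host.lower()}")
    return findings

SAMPLE = """From: "IT Service Desk" <helpdesk@stfx-ca.example.net>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Sign in at https://office365.stfx.ca.example.net/login to keep your mailbox.
--b1
Content-Type: application/zip; name="Invoice.zip"

--b1--
"""  # constructed sample; example.net is a reserved documentation domain
print("\n".join(triage(SAMPLE)))
```

A message that trips none of these checks can still be a phishing attempt, so the results support the tips above rather than replace them.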

More tips and tricks are linked in the files section of this article.

Details

Article ID: 43732
Created: Thu 12/7/17 11:51 AM
Modified: Thu 6/25/20 8:23 AM
