Phishing is the attempt to acquire information such as usernames, passwords, or other sensitive data by masquerading as a trustworthy entity. These attempts can take countless forms, ranging from incredibly simplistic to near-perfect copies of a legitimate service, but a few simple guidelines can help keep you safe in the vast majority of cases.
Getting started
While these scams will commonly try to start by getting a knee-jerk response out of you, some may be as simple as a link and nothing else. These attacks come in all shapes and forms, so being aware is paramount.
These kinds of attacks cause many millions of dollars of damage each year, and that figure is steadily growing.
A few quick tips can severely diminish the odds of one of these attacks succeeding. If you have any doubts whatsoever about a message's validity, we in IT will examine it and inform you of any further steps to take.
...
Reporting a message
Preserving the message headers will make it easier for us to analyze the message. This can be done by creating an attachment of the message in question (this is not the same as forwarding it). If possible, please follow the steps below when sending the message.
Attaching the message with the Outlook desktop app
Select the suspicious message
Press Control+Alt+F on your keyboard; a new message window should appear
Send the message to helpdesk@felician.edu
Attaching the message with the Outlook web app
Create a new message
Click and drag the suspicious message from your inbox to your new message to create an attachment
Send the message to helpdesk@felician.edu
...
Check the sender, check the links
Very often, the sender can be an immediate red flag that something is amiss. You cannot necessarily trust the name itself on an email. Instead, a good habit is to always check the sender’s email address. A well-known company is very likely not reaching out to you via a gmail.com or hotmail.com address, for example.
There are generally no restrictions on what someone sets as their name in email. It’s the same as you being able to freely sign a paper letter with whatever you want: you’re free to use your name, a nickname, or even someone else’s name. Checking the address will very often expose these kinds of social engineering attempts. Receiving an email with the name of a co-worker in no way guarantees their identity, and these attacks rely on you glancing over this.
If you receive such a message, and it’s not from an address you recognize (ideally, any and all Felician related correspondence should be coming from another @felician.edu or @students.felician.edu email address) then something may be wrong. Remember, security happens in layers - even this isn’t an absolute guarantee. If it sounds strange and it came from a Felician address, something may still be wrong!
Additionally, hovering your mouse over a link will show you its actual destination. This can often be a crucial hint as to whether the destination is where you’d expect it to be. Beware of look-alikes as well! Just because the company name is in the URL does not guarantee its safety, such as:
...
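The sender and link checks described above can also be automated on a reported message. The following is an added example, not part of the original page: it compares the address domain (not the display name) and the link's real host against the Felician domains named above. Treating subdomains of felician.edu as trusted, the function names, and the sample values are assumptions; as the page notes, a passing result is still not a guarantee.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Domains the page names for Felician correspondence.
TRUSTED_DOMAINS = ("felician.edu", "students.felician.edu")
# Free-mail providers the page uses as examples (not exhaustive).
FREEMAIL_DOMAINS = ("gmail.com", "hotmail.com")


def in_trusted_domain(host):
    """True only if host is a trusted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def check_sender(from_header):
    """Return warnings for a raw From: header value."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no parsable address"]
    domain = addr.rpartition("@")[2].lower()
    warnings = []
    if not in_trusted_domain(domain):
        warnings.append(f"address domain {domain} is not a Felician domain")
        # The display name is free text, so a trusted name in it proves nothing.
        if "felician" in name.lower():
            warnings.append("display name says Felician, address does not")
    if domain in FREEMAIL_DOMAINS:
        warnings.append("sent from a free-mail provider")
    return warnings


def check_link(url):
    """Return a warning for a link whose real host is not trusted, else None."""
    host = (urlsplit(url).hostname or "").lower()
    if in_trusted_domain(host):
        return None
    if "felician" in host:
        return f"look-alike host {host}: name appears, domain differs"
    return f"host {host} is outside the trusted domains"


if __name__ == "__main__":
    # Constructed samples, not taken from real messages.
    for frm in ('"Felician Help Desk" <helpdesk.felician@gmail.com>',
                "Help Desk <helpdesk@felician.edu>"):
        print(frm, "->", check_sender(frm))
    for url in ("https://felician.edu.example.net/login",
                "https://www.felician.edu/"):
        print(url, "->", check_link(url))
```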