Phishing is the process of attempting to acquire information such as usernames, passwords, or other sensitive data by masquerading as a trustworthy entity. These attempts can take countless forms, ranging from incredibly simplistic to near-perfect copies of a legitimate service, but a few simple guidelines can help keep you safe in many cases.
Getting started
While these scams will commonly try to start by getting a knee-jerk response out of you, some may be as simple as a link and nothing else. These attacks come in all shapes and forms, so being aware is paramount.
These kinds of attacks cause millions of dollars of damage each year, and that figure is steadily growing.
A few quick tips can severely diminish the odds of one of these attacks succeeding, and if you have any doubts whatsoever about a message's validity, IT will examine it and inform you of any further steps to take.
Reporting a message
Preserving the message headers will make it easier for us to analyze the message. This can be done by creating an attachment of the message in question (this is not the same as forwarding it). If possible, please follow the steps below when sending the message.
Attaching the message with the Outlook desktop app
Select the suspicious message
Press Control+Alt+F on your keyboard; a new message window should appear
Send the message to helpdesk@felician.edu
Attaching the message with the Outlook web app
Create a new message
Click and drag the suspicious message from your inbox to your new message to create an attachment
Send the message to helpdesk@felician.edu
Check the sender, check the links
Very often, the sender's address can be an immediate red flag that something is amiss. You cannot necessarily trust the name itself on an email - instead, a good habit is to always check the sender’s email address. A well-known company is very likely not reaching out to you via a gmail.com or hotmail.com address.
There are generally no restrictions on what one sets as their name with email - it’s the same as you being able to freely sign a paper letter with whatever you want. You’re free to use your name, a nickname, or even someone else’s name. Checking the address will very often expose these kinds of social engineering attempts. Receiving an email with the name of a co-worker in no way guarantees their identity and these attacks are relying on your glancing over this.
If you receive such a message, and it’s not from an address you recognize (ideally, any and all Felician-related correspondence should be coming from another @felician.edu or @students.felician.edu email address), then something may be wrong. Remember, security happens in layers - even this isn’t an absolute guarantee. If it sounds strange and it came from a Felician address, something may still be wrong!
Additionally, hovering your mouse over a link will show you where it actually leads. This can often be a crucial hint as to whether the destination is where you’d expect it to be. Beware look-alikes as well! Just because the company name is in the URL does not guarantee its safety, such as:
http://wells-fargo-banking-online.info
login.microsoftsecurelogin.net
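The two checks described in this section (read the address rather than the display name, and compare a link's real host with the brand it mentions) can be sketched in code; this is an added example, not a Felician IT tool. The brand-to-domain map and the sample headers are constructed assumptions, while the trusted sender domains and look-alike hosts are the ones named above.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Domains this page names as expected for Felician correspondence.
TRUSTED_SENDER_DOMAINS = {"felician.edu", "students.felician.edu"}

# Assumption for illustration: each brand's real domain.
BRAND_DOMAINS = {"wellsfargo": "wellsfargo.com", "microsoft": "microsoft.com"}


def sender_domain(from_header):
    """Domain of the actual address in a From header; the display name is ignored."""
    _display_name, address = parseaddr(from_header)
    return address.rpartition("@")[2].lower()


def is_trusted_sender(from_header):
    """Exact match only, so 'felician.edu.example.net' does not pass."""
    return sender_domain(from_header) in TRUSTED_SENDER_DOMAINS


def link_host(link):
    """Hostname of a link, whether or not it carries a scheme."""
    if "://" not in link:
        link = "//" + link
    return (urlsplit(link).hostname or "").lower()


def lookalike_brand(link):
    """Brand whose name appears in the host although the host is not that brand's domain."""
    host = link_host(link)
    squashed = host.replace("-", "").replace(".", "")
    for brand, real in BRAND_DOMAINS.items():
        owned = host == real or host.endswith("." + real)
        if brand in squashed and not owned:
            return brand
    return None


def review(from_header, links):
    """Collect the red flags this section describes for one message."""
    flags = []
    if not is_trusted_sender(from_header):
        flags.append("sender address is outside Felician: " + sender_domain(from_header))
    for link in links:
        brand = lookalike_brand(link)
        if brand:
            flags.append(f"link host {link_host(link)} only imitates {brand}")
    return flags
```

An empty result from `review` means only that these two checks found nothing; as noted above, a message from a Felician address can still be malicious.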
Context is important
The messages may try to get you to panic, worry, or think that someone or something is waiting for your response. Questioning this is a good first line of defense - do any emails of this kind actually have a reason to be delivered to your work account?
For instance, if you get an email that looks like it came from Spotify, Netflix, or maybe even UPS - do you ever deal with these services on your work email? The same holds true for files, documents, and especially anything dealing with money. If it sounds strange, there’s a definite chance that something’s awry.
These messages can take forms such as the following (and are in no way limited to them):
Warning that your account is restricted
They’ve noticed suspicious activity
Mention that you need to confirm certain (likely personal) information
An invoice or credit card statement
Asking you to log in to validate or confirm something
A notice that you have messages waiting
A co-worker forgot the departmental credit card or needs to suddenly buy gift cards