Phone: (909)537-7677
Email: support@csusb.edu
Knowledgebase: Phishing
Avoid Phishing Attacks
Posted by Kenneth Baugh on 23 February 2017 02:39 PM

Avoid Phishing Attacks

Awareness

Phishing and spear phishing are attempts by criminals to obtain passwords or other confidential information. Phishing can come as texts, tweets or emails. At a glance, the requests appear to be authentic. They often require urgent action on your part and request your personal information. Here are clues to help distinguish if the request is real or fake.

Phishing Attack Clues

  • The request is unfamiliar or seems out of place
  • There's pressure for you to act immediately
  • It offers something too good to be true
  • It asks for personal information
  • By hovering over a link, it reveals an impostor website
  • It is non-personalized greeting like "Dear User" or "Dear Friend"
  • There are misspelled words, awkward grammar or punctuation

The clues from a recent phishing attack are:

  • Addressee is generic
  • Urgent situation
  • Time zone is Brazil Eastern Time (BET)
  • Hovering over link shows imposter destination
  • Punctuation and grammar errors

Verification

Phishing attacks are not limited to email. Social networks, online ads, tweets, and other online sites entice viewers to click links and some are not what they seem. So be careful what you click. With a little education and effort you can thwart phishing attacks.

 

Protect yourself from phishing attacks

  • If in doubt, call the institution involved by using information from an account statement or the back of a credit card.
  • Avoid using the information or convenient links provided – instead use your Favorites or Bookmarks or hand type the address.
  • Ensure the full URL is correct – the trusted name should be displayed not an IP address, along with the appropriate domain (e.g. CSUSB.edu not CSUSB.com).
  • Click on the yellow padlock icon on the status bar. Check the security certificate name matches the name of the site you trust.
  • Do not open unexpected attachments

How to Respond

Now that emails, social media, entertainment and storage accounts can be linked with a single password, a single compromise is capable of causing havoc. Knowing what to do if you become a victim can slow or stop the damage.

 

For financial situations:

 

How many phishing clues can you spot in the email image below?

 

 

 For more information about phishing go to:

 

Here's your answers. Did you spot all of them?

  • Generic addressee
  • Formatting, punctuation and grammar issues.
  • Has an attachment
  • Urgent request
  • Tagged as spam

 

Click Here to view other Information Security Topics

 

KEY WORDS: passwords, spear phishing, confidential information, personal information, awkward grammar, urgency, SEC, FTC, attachments, greetings, web links