If there is just one message that you can take away from this complicated topic, it is this: Phishing is preventable.
What is Phishing?
Phishing is an attempt to steal your personal information. You might get a message pretending to be someone else and asking you to send sensitive information for some reason. A phishing email might also contain attachments that, when opened, install malicious software on your computer.
Spear Phishing is a special attempt to gain unauthorized access to confidential data by targeting a specific organization or person. A spear phishing email appears to be from someone or some company that you know. The spear phisher is familiar with your name and email and knows a little about you, usually through social media, and uses that to win your confidence and cooperation.
What are the negative effects of phishing?
When your Kenyon account is compromised, your personal and private information is vulnerable along with any documents or information shared between you and others. A compromised account also extends the risk beyond you and to the community. An account that has been compromised can be used to gain information on others and can be used to send emails with the goal of obtaining the account details of more accounts.
How can I protect myself?
Learn how to recognize a phish. Phishing emails usually appear to come from a well-known organization and ask for your personal information. Either directly in the email body, or linking out to another website, a phishing email could be asking for your username, password, credit card number, social security number, and much more. Remember:
Kenyon will NEVER ask you for any login credentials, especially passwords!
Things to look for:
- Requested personal information
- Generic greetings or company spoofing
  - Dear Bank User, From Bank - Main Branch
  - Dear Facebook User, From Facebook Research Team
  - Dear Kenyon Employee, From Kenyon IT Department
- Bad email addresses
  - Always mouse over the from address to make sure it is legitimate
- Forged Links
  - Always mouse over any link in the email to see if the address matches the link that was typed in the message
  - Look to see if the link starts with an https and not http
  - Do not click on the link if you are unsure
- Oddly named attachments
  - Do not download if you are unsure
- Sense of urgency or threats
  - Within 48 hours… or your account will be locked
- Bad Spelling
- Poor formatting
Some Examples:
Want to learn more?
Read about phishing in the news, and see the FTC's page on recognizing and avoiding phishing scams. Further protect yourself by considering Two Factor Authentication (2FA). See this page for additional information. If you have any questions about phishing or 2-step verification, please contact Helpline at 740-427-5700 or helpline@kenyon.edu.