CAM 2022 Week 2 – Phishing

Welcome to week 2 of Cybersecurity Awareness Month! I hope everyone had a wonderful Mountain Day weekend. Before we get to this week’s topic, I want to remind everyone that the Virtual Scavenger Hunt is just waiting for you to start it. You can go to the start page by following this link, or you can click on the button in the big blue bulletin in the top right-hand corner. To entice everyone to participate, I can now tell you that the grand prize for this year is a high capacity charging kit. You’ll get a 30,000mAh charging block with four outputs, one of them USB-C! You’ll also get three high capacity wall plugs with dual USB-A and USB-C ports and a case to hold it all. Check out the images below!

Now that I have you motivated, you can jump right into the scavenger hunt after you finish reading this week’s article!

This week’s topic is phishing and how to spot it. First, let’s define what phishing is. Phishing is the use of fraudulent emails to attempt to convince you to go to a malicious web site, open a dangerous attachment, or engage in risky behavior that you would not ordinarily consider doing, like giving your password to someone. Phishing emails try to convince you that you bought an expensive piece of software or some gizmo you might or might not ordinarily buy. They try to convince you your password is expiring, or that you missed a phone call and have a voice mail waiting, or that they want to hire you as an assistant or give you a free piano (yep, you read that right, but of course, it’s not what you think).

Phishing emails have many end goals, but usually they involve stealing usernames and passwords or stealing money. Another, more insidious end goal of a phishing email is to infect your device with malware, or worse, use your machine as a jumping-off point to infect the whole network with ransomware.

The quality (read – sneakiness) of phishing emails varies wildly. It is easy to spot those that come in with misspelled words or poor grammar, but some phishing emails are very well done, use corporate logos and look very official. There’s no way to reliably block these emails from arriving in your Inbox, so how do you spot them?

There are a number of red flags that can indicate that an email is fraudulent, but we’re going to focus on nine that are usually surefire, and I’ll point out two that will help you confidently spot phishing emails.

  • The email has poor grammar, and words are misspelled or misused. Sentences are either short and incomplete, or rambling, run-on sentences.
  • The email has unusual visual spacing of words, sentences, or paragraphs.
  • You don’t know the sender, or you don’t have any kind of relationship with the company the email claims to be from.
  • The email claims to be URGENT!!! This is the top red flag for spotting a phishing email.
  • There are links you must follow or documents you must open to resolve the urgent situation.
  • You won a lottery you never entered.
  • THERE’S A LOT OF CAPITALIZED LETTERS IN THE EMAIL, as if they are shouting at you.
  • The email claims your password is expiring, but says you can keep your existing password. This is another dead giveaway that the email is not real. Password expiration, by default, means that you need to change your password, not keep it.
  • The email claims to be from someone you know, but something seems odd. Their email “voice” is not right. The best way to deal with these types of phishing emails is to contact the other person by another means (phone call, face to face, etc.). DON’T just reply to the email; this is what the attacker is hoping for…

Now that you know how to spot phishing emails, be sure to come by the Information Security table in Krannert on Thursday, October 13th to score some sweet candy for picking out the phishing emails and knowing why they are phishing emails. Also, your skills will be put to the test as Information Technology is sending out a phishing email test during the week of October the 17th. If you’ve never reported a phishing email before, I encourage you to report any phishing email you receive that week. If you report one of our test emails during that week, or you report a real phishing email, your name will go into a prize drawing held at the end of the week. The winner of the drawing will get an Oontz 3 waterproof Bluetooth speaker and case. See the images below!

It’s easy to report an email! If you are using Outlook to read your Berry email, just use the Phish Alert Button in the toolbar. If you use your phone to read your email, you’ll need to use the Outlook app for either Android or iOS to report the phish. The Phish Alert Button is under the “three dots” menu when viewing an email. If you don’t use Outlook or the Outlook app on your phone, you can always log in to and report it there, again, under the “three dots” menu. Good luck spotting those phishing emails and good luck in the drawing!

There is one final, VERY important thing to know for this week. Online cybersecurity awareness training emails will go out this week. This training is mandatory, so please use the email you receive to log into the training platform and complete the training. It will take about 20 minutes to complete and you don’t have to do it all in one sitting. The training will be open for completion until October 28th.

Thanks for reading this far into the week 2 article for Cybersecurity Awareness Month! Come back again next week as we talk about multi-factor authentication. Remember – report those phishing emails, complete your cybersecurity awareness training, and participate in the virtual scavenger hunt! Good luck!
