Summary | Identify, avoid and prevent phishing attacks |
---|---|
Author | Maintained by Matt Ringh |
Status | Up-to-date for the 2024-2025 school year. |
What is "Phishing"?
Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. They may:
- say they’ve noticed some suspicious activity or log-in attempts
- claim there’s a problem with your account or your payment information
- say you must confirm some personal information
- include a fake invoice
- want you to click on a link to make a payment
- say you’re eligible to register for a government refund
- offer a coupon for free stuff
Four Steps to Protect Yourself From Phishing
- Protect your computer by using security software like Sophos Endpoint. Set the software to update automatically so it can deal with any new security threats.
- Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats.
- Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. The additional credentials you need to log in to your account fall into two categories:
  - Something you have — like a passcode you get via text message or an authentication app.
  - Something you are — like a scan of your fingerprint, your retina, or your face.

  Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.
- Protect your data by backing it up. Back up your data and make sure those backups aren’t connected to your home network. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone, too.
What to do if you suspect a phishing attack?
Mark the email as Spam, and delete it.
What is "Spear Phishing"?
Spear phishing is an email or electronic communications scam targeted towards a specific individual, school or business. Although these attacks are often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.
How does "Spear Phishing" work?
An email arrives that appears to come from a trustworthy source, but it leads the unknowing recipient to a bogus website full of malware. These emails often use clever tactics to get victims' attention. One employee mistake can have serious consequences. With stolen data, fraudsters can reveal sensitive information. In addition, spear phishing attacks can deploy malware to hijack computers, organizing them into enormous networks called botnets that can be used for denial-of-service attacks.
How to protect yourself from spear phishing
To fight spear phishing scams, employees need to be aware of the possibility of bogus emails landing in their inbox.