Avoid Phishing Attacks

Revision as of 10:40, 8 August 2024 by Mvanmierlo
Summary: Identify, avoid and prevent phishing attacks
Author: Maintained by Matt Ringh
Status: Up-to-date for the 2024-2025 school year.

What is "Phishing"?

Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. They may

  • say they’ve noticed some suspicious activity or log-in attempts
  • claim there’s a problem with your account or your payment information
  • say you must confirm some personal information
  • include a fake invoice
  • want you to click on a link to make a payment
  • say you’re eligible to register for a government refund
  • offer a coupon for free stuff

Four Steps to Protect Yourself From Phishing

  1. Protect your computer by using security software like Sophos Endpoint. Set the software to update automatically so it can deal with any new security threats.
  2. Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats.
  3. Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. The additional credentials you need to log in to your account fall into two categories:
    • Something you have — like a passcode you get via text message or an authentication app.
    • Something you are — like a scan of your fingerprint, your retina, or your face.
     Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.
  4. Protect your data by backing it up. Back up your data and make sure those backups aren’t connected to your home network. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone, too.

What to do if you suspect a phishing attack?

Mark the email as Spam, then delete it.

What is "Spear Phishing"?

Spear phishing is an email or electronic communications scam targeted towards a specific individual, school or business. Although these attacks are often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.

How does "Spear Phishing" work?

An email arrives, apparently from a trustworthy source, but it leads the unknowing recipient to a bogus website full of malware. These emails often use clever tactics to get victims' attention. One employee mistake can have serious consequences. With stolen data, fraudsters can reveal sensitive information. In addition, spear phishing attacks can deploy malware to hijack computers, organizing them into enormous networks called botnets that can be used for denial-of-service attacks.

How to protect yourself from spear phishing

To fight spear phishing scams, employees need to be aware of the possibility of bogus emails landing in their inbox.