Phishing is a growing threat to organizations and individuals across the world. At Berea College, resources are available to our community to help identify and mitigate risk associated with phishing. Attack methods used are quickly becoming more sophisticated - with this knowledge it is important for all members of the Berea community to be proactive and aware. Phishing can occur through multiple means, not solely email. Users must be aware of email, phone calls, text messages, app upgrades on smartphones, social media, and even USB based attacks. It is important to be proactive with protecting data instead of waiting to be reactive.
Training is available for Berea College employees to provide education and awareness about phishing attempts. The college Information Security Officer will always be glad to coordinate employee and student education on IT Security awareness topics as requested.
Here are some things to consider in regards to phishing:
Hover your mouse over the link
- Does the address match up with the address within the email?
- For example, you may receive an email that has a link that looks like it would go to www.walmart.com, however, if you hover your mouse over, you will see in the lower-left corner of your browser a different address, such as www.thisisnotwalmartbutascam.com.
- Doing this helps prevent you from ever interacting with the malicious site and helps keep you and the college safe!
Don't open email attachments that you are not expecting
- A common attack method for hackers is to infect PDF and Word/Excel files, that when downloaded and opened, run a series of code that seeks to obtain your information and/or encrypt and deny you access to your workstation.
- If you receive a suspicious email with one of these files attached, do not download or execute the file! If the email looks like it's from someone with the college, reach out to them in a separate email to verify that they had indeed sent the email.
Sometimes phishing emails can look like legitimate services
- Attackers will often spoof known service pages to trick you into clicking their links. These will range from Office365, Netflix, Amazon, PayPal, and more.
- Often these will look very similar to the actual email layouts used by these services but will appear slightly "off." If you are ever sent an email that says there is an issue with your account on one of these services, DO NOT click the link within the email!
- Instead, you should browse to the website the service uses and login there, to verify if there is actually anything wrong with your account.
Click here to view examples of actual phishing attempts that have occurred at Berea College