Videos
Training
- Learn to recognize risks and how to spot fake websites in the NEOED course "Preventing Phishing".
Phishing
Phishing is where an attacker tricks you into giving them information you otherwise would not. Each day people fall victim to phishing scams through emails, texts, or phone calls, and mistakenly turn over important data. Then, cybercriminals try to use that data to commit other crimes.
Many scam emails are designed to trick employees into thinking the emails are official communications from our College President, the IRS, or other companies like Greenshades. These phishing schemes can ask employees about a wide range of topics. Emails can seek information regarding confirmation of personal information, ordering transcripts, or verifying PIN information. They may also ask a simple question in the hopes that you will reply. Example: “Are you going to the store today?”. Be cautious before opening any emails related to COVID-19, gift card purchases, or requests to "respond immediately".
Some scam emails request that people click on links contained in the emails. When people click on these email links, they are taken to sites designed to imitate an official-looking website. The sites may ask for Social Security numbers, passwords, and other personal information, which could be used to commit other crimes. The sites also may carry malware, which can infect computers and allow criminals to access your files or track your keystrokes to gain information like your username and password.
Phishing attacks work because the messages are very believable and convincing. Be very careful about what personal information you make public on social media sites or pass in electronic communications that might be used to target you in a phishing attack.
To help prevent falling victim to a phishing attack, follow these security tips:
- Look for the “s” in “https://”. Always look for “https” at the beginning of the web address and the “lock” icon in the web address. This indicates that the site uses encryption to protect your information when it is transmitted to us. Fraudulent and unencrypted sites can begin with an “http” address. If you click on the “lock” icon on your browser, it will display information that shows the certificate that certifies you are on the correct site.
Be Suspicious of Emails and Learn to Recognize Phishing Emails. To help prevent you from falling for phishing scams, take the time to examine, identify, and avoid emails that:
- Contain a Link. Scammers often pose as the IRS, financial institutions, credit card companies, or even our College President. These scammers may claim that the recipients must update their accounts or change their passwords. The email offers a link to a spoofing site that may look similar to the legitimate official website. Employees should follow a simple rule: Don’t click on the link. If in doubt, they should go directly to the legitimate website to access the account.
- Contain an Attachment. Another option for scammers is to include an attachment to the email. This attachment may be infected with malware that can download malicious software onto the recipient’s computer without their knowledge. If it is spyware, it can track the recipient’s keystrokes to obtain information about their passwords, Social Security Number, credit cards or other sensitive data. Remember, employees shouldn’t open attachments from unknown sources.
- Are from a “Government” Agency or “Financial Institution.” Scammers attempt to frighten people into opening email links by posing as government agencies, financial institutions, and even tax companies. Thieves often try to imitate the official organizations, especially tax-related ones, during the filing season.
- Are from a “Friend.” Scammers also hack email accounts and try to leverage the stolen email addresses. Recipients may receive an email from a “friend” that does not seem right. It may be missing a subject in the subject line, or contain odd requests or language. If the email seems “odd,” employees should avoid clicking on any links or opening attachments.
- Contain a False “Look-alike” URL. Scammers may try to trick the recipient of an email into clicking on an illegitimate URL or web address. For example, instead of including a link to “www.IRS.gov,” the email may contain a false look-alike URL such as “www.irs.gov.maliciousname.com.” To verify the authenticity, a recipient can place their cursor over the text to view a pop-up of the real URL.
If you receive an email that you are concerned about, phone the company directly rather than responding electronically via an email message. If you click on an attachment or link in a phishing email by mistake, contact the Grayson College I.T. department via help.grayson.edu from a different computer or device.