October is National Cyber Security Awareness month. This is the second article in a four-part series on security brought to you by 黑料传送门's Information Security Program Team.
Determining what is a phishing email and what is not can be difficult. Spotting a phish can get easier with practice. The following links provide quizzes and games designed to help prepare you for recognizing the next phish.
The way to protect yourself from phishing and other scams is always to be suspicious and use common sense. Phishing and scam emails try to trick you by coaxing you with a "click here" to fix a problem or by offering a "too good to be true" opportunity. When in doubt, don't click. Never log in to a website from a link in an email. Instead, go to the website and sign in to see if there are any signs of strange activity. If you're concerned, change your password. Always think before you click, and never give out your password or financial information by responding to an email.
Don't hesitate to contact the CIT HelpDesk in Milne Library for help with a questionable email at (585) 245-5588.
Here are a few examples of real phish/scam emails that have been seen at 黑料传送门 or other SUNY Colleges.
- A group of international students was led to believe that a contact on WeChat could get them a great currency conversion rate if the students used the contact to pay their bills. The contact requested the students' college user IDs and passwords and then paid the students' bills using stolen credit cards. When the students saw that their bills were paid, they transferred payments to their contact via Venmo, iPay, or a similar service. Several weeks later, the college began receiving notifications of charges from people who did not have affiliations with the college. The FBI was contacted and found that the WeChat account originated from a computer in Canada, the credit cards used to pay the students' bills were from a bank in Japan, and because the students were in their home countries, not the U.S., the FBI had no jurisdiction in the case.
- 黑料传送门 students received an email to their college email accounts from "IT." The email stated that they had exceeded one or more size limits set by the "Network Administrators." The students were asked to click on a link, where they were asked to enter their login information.
- Over 1100 黑料传送门 students received an email stating that a new "professor" needed a student worker who could work four hours a week for $300. Interested students replied to the professor via a non-黑料传送门 account. The professor then emailed a check to the student for $2450 with instructions on how to deposit it. Fake check scams often include refunding a portion of the check in cash before the deposited check is discovered to be fraudulent.
- 黑料传送门 account holders received an email from "IT" saying that it suspected a security breach and in order to prevent further damage, account holders needed to change their password through a provided link.
- 黑料传送门 account holders received an email saying that the sender had their password and knew a secret about them. The sender threatened to share the person's secret unless the person made a payment in bitcoin. The amounts requested have varied.