In light of the recent phishing attack on some YSU email accounts, here are some pointers on how not to become a victim, courtesy of the SANS Institute, one of the world’s largest information security training organizations.
- Check the email address. If the email appears to come from a legitimate organization, but the “FROM” address is someone’s personal account, such as @gmail.com or @hotmail.com, it’s most likely an attack. Also, check the “TO” and “CC” fields. Is the email being sent to people you do not know or do not work with?
- Be suspicious of emails addressed to “Dear Customer” or that use some other generic salutation. If a trusted organization has a need to contact you, they should know your name and information.
- Be suspicious of grammar or spelling mistakes; most businesses proofread messages carefully before sending.
- Be suspicious of any email that requires “immediate action” or creates a sense of urgency. This is a common technique to rush people into making a mistake. Also, legitimate organizations will not ask you for your personal information.
- Be careful with links, and only click on those that you are expecting. Also, hover your mouse over the link. This shows you the true destination of where you would go if you clicked on it. If the true destination is different than what is shown in the email, this is an indication of an attack.
- Be suspicious of attachments. Only click on those you are expecting.
- Be suspicious of any message that sounds too good to be true. No, you did not just win the lottery.
- Just because you got an email from your friend does not mean they sent it. Your friend’s computer may have been infected or their account may be compromised. If you get a suspicious email from a trusted friend or colleague, call them.
If you get an email that you think is a possible phishing attack, immediately contact the YSU Tech Desk at 330-941-1595.