October is Cybersecurity Month! This week CIA IT is writing about Avoiding Phishing. Here are some tips to recognize a phishing email!
First, what is phishing?
Phishing is a fraudulent attempt to obtain sensitive information such as passwords and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, tricks a victim into opening an email, instant message, or text message, or answering a phone call, and then sharing personal information
Know the phishing techniques attacker’s use:
An emailed link - takes you to an unsecure website.
An email attachment - installs a trojan that monitors or searches through your computer.
A spoof - appears to be a familiar email address.
A phone call - impersonates a known company vendor or IT department.
Protect yourself and your data:
Don’t open attachments, emails, or click links from someone you don’t know! If it is someone you know, ask yourself if it’s normal they are requesting this kind of information. Double check the email address. Double check the url redirection by copying the link and pasting it into a browser yourself. You can also respond to the sender and ask for clarification. Or ask for a second pair of eyes and forward it to email@example.com. IT will look at it and get back to you.
What IT is doing to protect you from phishing?
The notice you see at the top of emails from outside our network (NOTICE: This email originated from outside of CIA. Do not click links or open attachments unless you recognize the sender and know the content is safe) is to protect you against spoofing. IT will never ask for your password in an email.
All on-campus and cia-owned devices are equipped with an antivirus program. For faculty and staff, CIA accounts have multi-factor authentication. We also require encryption for employees that are telecommuting. However, your best protection against phishing is being able to recognize and avoid phishing scams. The Federal Trade Commission has published a website that shares some additional information on phishing, which we recommend you visit.
If you have any questions about phishing, please contact the Help Desk at firstname.lastname@example.org.
Thanks for reading,
Poppy Lyttle, IT Manager