National Cyber Security Awareness Month: Email Phishing
Oct. 14, 2015
October is National Cyber Security Awareness Month (NCSAM). Originally created as a collaborative effort between government and industry, NCSAM aims to help ensure every American has the resources they need to stay safer and more secure online. 2015 marks the 12th year of the program. For each week during the month, Webster University’s Information Technology department will highlight a topic that will help to educate and arm the community against online threats.
Phishing is a malicious attempt to gain your sensitive or personal information online, including account numbers, addresses, phone numbers, and passwords, by posing as a trustworthy person or institution. Phishing is a continual threat that keeps growing to this day.
When you're contacted via email, text, or phone call, be on the lookout for the warning signs of phishing attempts.
- Non-personalized greetings
  - Uses a generic greeting, such as "Dear User."
- Urgent/threatening language
  - Phrases such as "Your account will be terminated if you do not..."
- URLs don’t match and are not secure
  - If an email has a link, be cautious. On touch devices, you should long press links to determine the link destination, and on desktops, you should hover over links.
- Poor grammar/misspellings
- Request for personal information such as your address, social security number, account number, password, etc.
How to Protect Yourself from Phishing
- Keep your computer or mobile device's anti-virus and anti-malware software installed and up-to-date.
- Verify URLs in emails which appear to be from trusted senders. Before submitting sensitive information online (like credit card numbers when making a purchase), verify that the site is secure. Look for the lock symbol at the top right of the page.
- Pay attention to SSL certificates (sometimes called digital certificates) used to establish a secure encrypted connection between a browser (user's computer) and a server (website). Don't just click "OK." Tools like SSL certificates were created by browser developers to notify users of security risks when visiting certain web pages. The Subject Common Name of the certificate should match the hostname of the site that returned it. If the certificate is expired or has been re-signed, be careful.
- Never send sensitive information, like passwords, social security numbers, or account numbers, via email.
- Spammers often try to imitate legitimate companies and organizations. If you're unsure about an email, follow up with the sender.
Phishing is a continual threat that keeps growing to this day. The risk goes beyond email, also reaching social media sites such as Facebook, Twitter, and Google+. Always remain cautious, and use these tips to avoid becoming a victim of phishing scams. Be sure to check back next week to learn about staying safe on public networks.