Security Awareness
Cyber criminals have become increasingly savvy in their attempts to lure you into clicking on a link or opening an attachment. The email they send can look just like it comes from your organization, club, financial institution, e-commerce site, government agency or any other service or business. The email often urges you to act quickly because your account has been compromised, your order cannot be fulfilled or there is another urgent matter.
Spam is the electronic equivalent of junk mail. The term refers to unsolicited, bulk (and often unwanted) email.
Phishing attacks use email or malicious websites (reached by clicking on a link) to collect personal and financial information or infect your machine with malware and viruses.
Spear phishing is a highly specialized attack against a specific target or small group of targets to collect information or gain access to systems.
The cybercriminal can use even more devious social engineering efforts such as indicating there is an important technical update or new lower pricing to lure people.
Reporting Spam and Phishing
Most email clients offer ways to mark an email as spam or report instances of spam or phishing.
In Google Apps, you can report spam and phishing within the web interface. With the spam or phishing message open, there is a drop-down menu next to the reply button. This reveals a menu where you can take further actions including Report Spam or Report Phishing.
Spam and Phishing on Social Networks
Spam, phishing and other scams aren’t limited to just email. They’re also prevalent on social networking sites. The same rules apply on social networks: When in doubt, throw it out. This rule applies to links in online ads, status updates, tweets and other posts.
Social networks such as Facebook, Twitter and YouTube all have ways to report spam and phishing attempts. Search the help link at your favorite social networking site to find out how to report.
How Do You Avoid Being a Victim?
- Don’t reveal personal or financial information in an email and do not respond to email solicitations for this information. This includes following links sent in email.
- Before sending sensitive information over the Internet, check the security of the website.
- Pay attention to the website’s URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using information provided on an account statement, not information provided in an email.
- Keep a clean machine. Having the latest operating system, software, web browsers, anti-virus protection and apps is the best defense against viruses, malware, and other online threats.
What Should You Do if You Think You are a Victim?
- Report the email as phishing to Google. This alerts Google that the email is dangerous, and helps Google keep it out of others’ inboxes.
- If you responded to a phishing email, report it to the Technical Support Center immediately. Don’t wait. If the link compromised your computer, time could be very important. The Technical Support Center can also watch for any suspicious or unusual activity.
- If you believe your financial accounts may be compromised, contact your financial institution immediately and close the account(s).
- Watch for any unauthorized charges to your account.
Remember: UAA IT Services will never ask via email for any personal information. No reputable organization will either. Please be skeptical of any email you receive that asks you for personal or financial information.
Cyber security is a shared responsibility. The safer we each are as individuals, the safer we are together.