Spear phishing, like phishing in general, the attacks are messages typically personalized based on public information the attacker has found on the recipient. This can include topics surrounding the recipient’s expertise, role in the organization, interests, public and residential tax information, and any information attackers can glean from social networks. These specific details make the email appear more legitimate and increases the chances of the recipient clicking links or downloading attachments.

What is Phishing?

A phishing attack is a way of attempting to get a user to install malicious software or have the user provide sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.

• Phishing attacks try to get you to do one of the following:
  
  • Open a malicious attachment
  • Browse to a malicious website
  • Wire Transfer bank funds to a fraudulent account
  • Disclose Sensitive information
  • Credit Card Numbers and CVS codes
  • ATM/Debit Card Information and PINs
  • Social Security Numbers
  • Banking Information (Account Numbers, Routing Numbers)
  • Account Passwords

Never Provide any of this Information via E-mail!

Tips to identify a Phishing Attack

Tip #1: Read and Think Before You Click

• Thoroughly read emails. Watch for:
  
  • Misspellings and poor grammar
  • Messages that don’t seem quite right
  • Unsolicited emails

• Don’t just react. Ask yourself:
  
  • Was I expecting this message?
  • Does this email make sense?
  • Am I being pushed to act quickly?
  • Does this seem too good to be true?
  • What if this is a phishing email?

Tip #2: Verify, Verify, Verify

• Be 100% confident you know the sender
  
  • Logos are used illegally by scammers
  • “Spoofing” can make From addresses, links, and caller ID look trustworthy
  • In the case of a compromised email account, an attacker can send messages from someone else’s email account

 

• Don’t take messages at face value
  
  • Hover over links to verify destination
  • Confirm the email is legitimate
  • Instead of clicking a link, type a known URL into your browser
  • Instead of replying to the email or using a phone number from the message, use a verified, trusted contact channel

Tip #3: Ask for Help

• Report the incident to the helpdesk via email, online, or call x5555 and let them know what information was disclosed.
• Change any effected passwords.
• Scan your PC for malware. (The helpdesk can help with this)
• If you believe your financial accounts may be compromised, contact your financial institution immediately.
• Watch for any unauthorized charges to your accounts.

• Ask your manager or Helpdesk for advice
• Report suspicious messages by using the "Report Phish" button

• Responded to phishing message accidentally? Contact the Helpdesk immediately!

 

• Make cybersecurity part of your daily routine
• Be particularly wary of attacks that involve requests for:
  
  • Wire transfers/Direct Deposit/Gift Cards
  • Tax and medical data
  • Financial account information
  • Password updates
  • File downloads

 

• Be on the alert for phishing techniques in text messages, on social media, and during unsolicited phone calls

 

Stay Vigilant! Nobody Is Immune to Phishing, Smishing or Vishing.

OIT InfoSec