How to Avoid Getting Phished
November 8, 2018
Last year, nearly 500 Biolans were phished in a single day. You are a target for phishing attacks.
Phishing attacks try to manipulate you into acting without thinking. Usually they want you to click on a link or open an attachment. Links can take you to malicious websites that steal your information. Attachments can install malicious software on your computer.
When your Biola email account is phished, a criminal can access:
- All your email and contacts
- All the university data on your Google Drive (including FERPA protected records)
- Any online accounts or services that use your Biola email as a recovery address
How do I protect myself from phishing?
1. Beware sketchy messages
Most phishing messages are easy to recognize once you know what to look for. Take time to scrutinize any message that seems suspicious. If it seems phishy, it probably is.
Watch out for these phishing indicators:
- an impersonal salutation
- unprofessional graphics
- grammatical errors
- attractive gimmicks (clickbait)
An attacker will try several social engineering techniques to convince you to click on a link or open an attachment:
- Impersonating a person or organization that you regularly interact with
- Creating a sense of urgency, panic, or curiosity
- Establishing automatic trust through brand familiarity
Sometimes, attackers will use all three techniques at the same time.
2. Think before you click
If the suspicious email links to a sign-in page or asks for your username and password, be on high alert! Even if you know the sender, don't click on links that could direct you to a bad website. Don’t open attachments unless you are expecting a file from someone.
Be aware of links that you click on, and learn to test suspicious links without clicking on them.
3. Check the sender address
Check the sender's e-mail address to make sure it's legitimate. Does it match the sender’s name? If it appears that the IT Helpdesk is sending you an email, but the sender’s address is “UniversityHelpDesk@yahoo.com,” it’s a phishing message. If in doubt, just delete it.
Phishing emails will contain convincing logos, links to actual company websites, legitimate phone numbers, and email signatures of actual employees. If something seems off about the e-mail, call the sender at a known number to confirm the request.
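The sender check described above can also be automated, for example by a mail administrator reviewing reported messages. The following is an added example, not part of the original article: the trusted domain example.edu, the keyword lists, and all sample headers except the yahoo.com address quoted above are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: the domain your organization really sends mail from (placeholder).
TRUSTED_DOMAINS = {"example.edu"}
# Assumption: names that claim to be an official internal sender.
OFFICIAL_NAMES = ("helpdesk", "itsupport", "informationsecurity")
# Free webmail providers; an official department does not write from these.
FREE_WEBMAIL = {"yahoo.com", "gmail.com", "outlook.com", "hotmail.com"}


def _squash(text):
    """Lowercase and drop everything but letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_sender(from_header):
    """Return warning codes for one raw From: header value."""
    display_name, address = parseaddr(from_header)
    if "@" not in address:
        return ["unparsable-address"]
    local, _, domain = address.rpartition("@")
    domain = domain.lower()
    warnings = []

    # The name or mailbox claims an official role, but the domain is not ours.
    claimed = _squash(display_name) + " " + _squash(local)
    if any(n in claimed for n in OFFICIAL_NAMES) and domain not in TRUSTED_DOMAINS:
        warnings.append("official-name-untrusted-domain")
        if domain in FREE_WEBMAIL:
            warnings.append("free-webmail")

    # The display name shows an address that is not the real sender address.
    shown = re.search(r"[\w.+-]+@[\w.-]+", display_name)
    if shown and shown.group(0).lower() != address.lower():
        warnings.append("display-name-shows-different-address")
    return warnings


# Constructed sample headers; the first uses the address quoted in the article.
SAMPLES = [
    "IT Helpdesk <UniversityHelpDesk@yahoo.com>",
    "IT Helpdesk <helpdesk@example.edu>",
    '"helpdesk@example.edu" <billing@mail.example.net>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no warnings")
```

A clean result only means the sender address is consistent with the name shown; a message sent from a compromised legitimate account will pass this check, which is why the steps that follow still apply.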
4. Go straight to the source
To verify the content of the message, contact the sender by phone, or visit the website directly by typing the website's trusted URL into the address bar in a web browser. Don't use any of the contact information or links in the suspicious message for this verification.
5. Click the Phish Alert Button (Chrome users only)
If you determine that the message is probably a phishing attack, you can click the Phish Alert Button that appears in your email inbox. This reports the message to Biola's Information Security team.
If the Phish Alert Button isn't available, you can forward a suspicious message to the Information Security team at firstname.lastname@example.org.