Week 3 - Phishing
Don't Take the Bait
If it's too good to be true, it's likely phishing. Phishing is a cyber attack where attackers disguise themselves as trustworthy entities to steal sensitive information such as usernames, passwords, and credit card details. These attacks often come in the form of emails, messages, or websites that appear legitimate but are designed to trick you into revealing your personal information.
Common Phishing Tactics
- Email Phishing: Fraudulent emails that appear to be from reputable sources, asking you to click on a link or download an attachment.
- Spear Phishing: Targeted attacks aimed at specific individuals or organizations, often using personal information to appear more convincing.
- Smishing and Vishing: Phishing attempts via SMS (smishing) or voice calls (vishing), urging you to provide personal information or make payments.
- Clone Phishing: Duplicating a legitimate email and replacing the attachment or link with a malicious one.
How Do I Spot Phishing Scams?
1. Recognize
- Check the Sender’s Email Address: Look for slight misspellings or unusual domain names.
- Beware of Urgent Language: Phishing emails often create a sense of urgency, urging you to act quickly.
- Look for Generic Greetings: Legitimate companies usually address you by name, not with generic terms like “Dear Customer.”
- Hover Over Links: Before clicking, hover over links to see the actual URL. If it looks suspicious, don’t click.
- Check for Spelling and Grammar Errors: Many phishing emails contain noticeable mistakes.
2. Resist
If you suspect phishing, resist the temptation to click on links or attachments that seem too good to be true and may be trying to access your personal information. Instead, report the phish to protect yourself and others. Typically, you’ll find options to report near the person’s email address or username. You can also report via the “report spam” button in the toolbar or settings.
3. Delete
Delete the message. Don’t reply or click on any attachment or link, including any “unsubscribe” link. Just delete.
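The "Recognize" checks above (sender domain, urgent language, generic greeting, link text versus real target) can also be expressed as simple heuristics. The following Python sketch is an added example, not SDSU code. The trusted domain, the keyword lists, the 0.8 similarity threshold, and the sample message are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"university.example"}  # constructed placeholder for your real domains
URGENT = re.compile(r"\b(urgent|immediately|suspended|act now)\b", re.I)
GENERIC = re.compile(r"\bdear (customer|user|member)\b", re.I)
SAMPLE_FROM = "helpdesk@univers1ty.example"  # constructed sample, not a real phish
SAMPLE_BODY = ('Dear Customer, your account will be suspended. Act now: '
               '<a href="http://login.univers1ty.example/reset">https://university.example/reset</a>')

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def host(url):
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def lookalike(domain):
    # Close to a trusted domain without being it or one of its subdomains.
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return False
    return any(SequenceMatcher(None, domain, t).ratio() >= 0.8 for t in TRUSTED)

def red_flags(sender, body):
    flags, parser = [], Links()
    if lookalike(sender.rpartition("@")[2].strip("> ").lower()):
        flags.append("lookalike sender domain")
    flags += ["urgent language"] if URGENT.search(body) else []
    flags += ["generic greeting"] if GENERIC.search(body) else []
    parser.feed(body)
    for href, text in parser.links:  # the "hover" check: shown URL vs real target
        if re.match(r"(https?://)?[\w.-]+\.[a-z]{2,}", text, re.I) and host(text) != host(href):
            flags.append(f"link text {host(text)} points to {host(href)}")
    return flags

print(red_flags(SAMPLE_FROM, SAMPLE_BODY))
```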
Protect Yourself from Phishing
- Report Suspicious Emails to the IT Security Office: If you receive a phishing email, please forward the message to [email protected].
- Change Your Passwords: Immediately update passwords for any compromised accounts. To get help, visit the IT Help Desk and create a ServiceNow Ticket.
- Contact Your Bank: If financial information was shared, notify your bank to monitor for suspicious activity.
- Educate Yourself and Others: Be aware of the current phishing scams affecting SDSU. Share information with friends, family, and colleagues.
Get Help
To request a service, create a ServiceNow Ticket and assign the ticket to “IT-ITSO-Help Desk”.
https://it.sdsu.edu/get-help
Report an Incident
Please contact the Information Security team immediately if you experience or are aware of any of the following: