Tips to Protect Yourself From Phishing Attacks
If you believe you have been phished or your account has been compromised:
• Report the security incident ASAP.
• Change your passwords for all relevant accounts.
• Self-report phishing attempts and spam using the instructions on this page…
What is Phishing?
Phishing is the term given to communications, usually email, where the attacker tries to fool the target into revealing private information about themselves or their organization. Often claiming to be IT Solutions, the attacker will usually include hyperlinks to malicious websites in the email that appear to be legitimate or include malicious attachments. Simply visiting the URL or downloading the attachment can be enough to compromise your machine.
How does Phishing affect me?
If your account is compromised, attackers will often start sending out more phishing emails from your account. This could damage your reputation and decrease the trust others place in your future emails.
Additionally, attackers may be able to compromise any other accounts attributed to that email address. this could include bank accounts, social networking accounts, file back up, remote connection to your computer, and so on.
How can I tell if it’s phishing?
Attackers will often use a sense of urgency in their messages. For example:
- “Your account will be disabled unless you act now!!!”
- “Please update your account information or your account will be terminated”
- “Your mailbox storage has exceeded the quota”
- Often, they will include a link or attachment. these will usually, although not always, require some action on our part, such as selecting or downloading, to be successful.
- Spelling and grammatical errors are very common among phishing communications. Many of the attacks originate from overseas or from people who don’t speak English as their first language. Although this is not always the case, treat emails with excessive grammatical errors with extra scrutiny.
How can I protect myself from this?
DON’T CLICK ON LINKS in unexpected e-mail messages which you did not request!
When you receive an email about your account, instead of clicking on the link, open your browser and manually type in the site address. Because you are going to the site yourself, you can be more confident that you are going to the right place. A bank or other financial institution should never be sending you emails with links in them.
Seriously, Don’t Click On the Links
Although a link in an email may appear to be leading you to a legitimate site, for example http://www.rctc.edu/staging. It may in fact be leading you to a compromised or malicious site like http://compromised.website.com/rctc/edu. Attackers will make a link into a hyperlink that appears legitimate when you read it, while it instead opens a different address. It is important to be aware of what website you are on in your browser.
Take a Minute to Verify
If you receive an email about your bank account being compromised, take the time to call your bank. If in fact your account is compromised, you will be able to get additional assistance over the phone. It is important to use the phone number found on your bankcard and not a phone number included in the email.
Trust Your Spam Filters
Modern spam filters are able to block messages based on trends. For example, if 10,000 Gmail accounts received the same email from the same address with the same link to reset your password, then Google’s spam filters are more likely to send that email directly to the spam folder.
How to report Phishing emails to Microsoft:
NOTE: Office 365 does not block the sender because senders of phishing scam messages typically impersonate legitimate senders. If you prefer, add the sender to your blocked senders.
Outlook Mail Desktop Client
In the desktop client interface, look for the “Report Message” icon:
(Mac)
(Windows)
Then select “Phishing”:
Finally, “Report” as Phishing:
Outlook Mail Browser Client
In the Outlook client for web browsers, look for “More Actions” “…” to the right of the suspicious message:
Then Select “Report Message” > “Phishing”:
Finally, “Report” as Phishing: