
Think you know how to avoid Phishing scams? Think again

Photo Credit: Edwind Richzendy Contreras Soto via Creative Commons.
As of 2011, more than 100 billion phishing scam emails are sent out daily across the globe.
Is your computer at risk? Click here to find out.


If you have an email address, chances are you’ve been the target of a Phishing attempt at some point.

Defined as any attempt via email to get a person to reveal confidential data for the purpose of committing fraud, stealing money or trespassing on computer systems, today Phishing is a term synonymous with online fraud.

Over the years, the most common attempts have become cultural in-jokes: the Nigerian prince scam, the Foreign Inheritance trick, the Start-Up-Pay-Off scheme. Unfortunately, not all attempts are so blatant.

While the above example may be somewhat unfair (Jagwire, of course, is an official university website), a truly sophisticated attempt might seem just as legitimate. In fact, according to Augusta University Chief Information Security Officer Walter Ray, the best Phishing scams are the ones that feel “safe.”

“The most sophisticated phishing attempts closely mimic our own login pages,” Ray said. “They use our logo, they use the legal language displayed on all of our pages and they even reference the correct number for our Information Technology (IT) Help Desk.”

According to Ray, in the wake of previous attacks, victims of Phishing scams usually couldn’t pinpoint the moment they’d given away their information.

“People don’t always remember providing their username and password in a phishing attack because nothing stands out to them,” Ray said. “The scam site looks just like the site they’re logging into every day.”

Falling prey to such an attack can be frighteningly simple. But Ray cautions there are ways to avoid becoming a victim.

The first is learning to spot the “hooks.”

“Generally, if you aren’t expecting a link or an attachment from someone, you should always be suspicious of receiving one,” Ray said. “One way hackers try to bypass that suspicion is by creating a sense of urgency in the message, saying you’ll lose access if you don’t act or provide your information quickly.”

Another method involves creating a false sense of security, such as posing as a member of the institution using an outside email address for convenience.

“If the link takes you to a non-Augusta University related website, that should be your biggest clue that something is wrong,” Ray said.

The second trick is knowing who to trust.

“No one from the IT Help Desk will ever ask for your login credentials over the phone or via email to help you resolve an issue,” Ray said. “We also don’t use pop-up messages telling you to call the Help Desk on any of our webpages.”

The third technique is by far the simplest: be vigilant when inputting your username and password and report suspicious activity by sending an email to stopspam@augusta.edu or security@augusta.edu or by calling the IT Help Desk at 706-721-4000.

“Your password is considered one of the most sensitive pieces of information you’re going to deal with at Augusta University, because that’s your key to the kingdom, so to speak, that’s going to get you access to our systems,” Ray said. “Always maintain a high level of vigilance and report anything suspicious.”

Following a recent attack in early September, Ray said he and his team have been hard at work shoring up the university and health system’s network defenses. But the onus is on everyone to stay safe and be alert.

If you suspect you may be the target of a Phishing scam, report it. And please, be careful where you click.

About the author

Nick Garrett

Nick Garrett is a communications coordinator in the Division of Communications & Marketing at Augusta University. Contact him at 706-446-4802 or ngarret1@augusta.edu.