Information Security Awareness: Learn What It Takes to Refuse the Phishing Bait!
According to IBM’s 2014 Cyber Security Intelligence Index, human error is a factor in 95% of security incidents. Following are a few ways to identify various types of social engineering attacks.
- What do they want? They want to lure you into exposing sensitive information like your username and password, bank account or credit card numbers, birthdate and phone numbers.
- Think it isn’t happening at WCU? WCUid accounts get phished on a regular basis. Because of training and other awareness most of them are unsuccessful. However, in the last 3 years we have had 3 phishing campaigns that were successful in getting multiple faculty and staff to respond and give up their credentials. In those 3 instances, 153 Help Desk tickets were created for people that reported themselves as victims.
What should I do?
- Know the signs. Does the e-mail contain a vague salutation, spelling or grammatical errors, an urgent request, and/or an offer that seems impossibly good? Click that delete button.
- Verify the sender. Check the sender’s e-mail address to make sure it’s legitimate.
- Don’t be duped by aesthetics like logos or links to real websites.
- Never, ever share your password. Did we say never? Yup, we mean never.
- Avoid opening links and attachments from unknown senders.
- Don’t open any attachments unless you’re expecting a file from someone. Give them a call if you’re suspicious.
- When you’re not sure, call to verify. If the message is urging you to take action —exercise caution. Don’t hesitate to contact the company or sender directly to verify.
- Don’t talk to strangers! Phishing also happens via phone and text messaging.
- Don’t be tempted by abandoned flash drives. Be wary — it could be a trap to infect your computer with malware.
What to do if you get phished through your WCU Email account:
- If you still have the email in your Inbox, Right-click on it, then select Junk, Block Sender. This will help prevent these emails from coming to your Inbox in the future.
- Forward the email to firstname.lastname@example.org for any further action needed for the campus community.
Watch the Video: Don’t get Hooked