Week 1 of National Cybersecurity Awareness Month
October 2020 is the 17th year of organizations promoting National Cybersecurity Awareness Month to help their users be safer and more secure online.
This article is from the National Cybersecurity Awareness Month 2020 series.
Phishing attacks come in many forms
Review these examples and think about whether you would be suspicious.
Fraudulent Job Offers
Curiosity and desperation are vital components of this common scam. The email entices you to click on a link to find out more about a job offer. The link either downloads malware or directs the user to a fake log-in page to capture your credentials.
We recommend never trusting an unsolicited job offer. Always use official sources such as https://jobs.illinoisstate.edu/.
Account Closing Alerts
Fear is a powerful motivator. Scammers could alert you that your account will be closed automatically unless you ACT NOW. When all that is required to keep your account working is to click a link and log in, why wouldn't you? What you might not realize is that the link took you to a fake log-in site, and by entering in your credentials, you just handed over your username and password to a bad actor.
Most services will notify you ahead of time if they are going to be removing your account. Very few will send a message with no notice and require immediate action.
Fake Covid-19 Announcements
Leveraging the news of the day, these scams offer you special information. These links are included for a malicious purpose and they could install a virus or malware onto the user's device. The user will likely think that the link did not work or will open a generic document but a malicious program could be installing without the user's knowledge. Don't click on links or view attachments for these types of emails.
Also check out our How Do I Protect Myself From Cybercriminals During COVID-19? article for further reading.
Phishing attacks come at any time
We lead busy lives. Scammers know that people are most vulnerable when they are distracted. If you get an urgent message alerting you that your account has been compromised in the middle of class or while walking to your car, will you examine it closely or just react?
Phishing emails are successful when we glance over them and take action without much thought. Whether it is downloading a file to learn more, clicking a link reset your password, or replying to find out more about a job offer, the result the is same. When you only react, you are caught.
Phishing attacks can stop with YOU
The greatest defense against a phisher is an informed user. Follow this guidance and Do Your Part. #BeCyberSmart!
- Think before you act. Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal information.
- Take time to verify. If you receive a suspicious email that appears to be from someone you know, reach out to that person directly through a different method. If the email comes from an organization but still looks “phishy,” reach out to them via customer service to verify the communication.
- Be wary of clicking on links. Avoid clicking on hyperlinks in emails before hovering over links to see what site the link is sending you to.
- Ask for a review. When you forward an email to abuse@ilstu.edu, we will be able to review it for legitimacy.