Cyber Awareness

Becoming more Cyber Aware
Posted on 02/25/2019

 

Over the last few weeks SACS has been hit hard with Spam/Phish emails. Unfortunately, the spammers are getting very good at tricking you into clicking on what looks like a legitimate link only to find out that it is spam. If you do click on the link and discover it is spam, notify your building’s computer specialist ASAP.

CMT will be sending out a series of emails to help you identify spam and phishing emails. Although SACS uses an industry leader to combat spam, many spam emails will get through it. Therefore we need your help by identifying spam emails and delete them.

What is Phishing?


What is Spear Phishing?



Tip 1: SACS email is for your educational and professional needs.

Don’t use your SACS email for personal use.

  • CMT recommends you establish a personal email [Google, Yahoo, Hotmail, AOL, etc.] account for personal communications.
  • If you have already used your SACS email for personal accounts or email subscriptions, most of them will allow you to change the email to receive those communications.

Tip 2: Do not trust the display name
A favorite phishing tactic among cybercriminals is to spoof the display name of an email. 
Return Path analyzed more than 760,000 email threats targeting 40 of the world’s largest brands and found that nearly half of all email threats spoofed the brand in the display name. 

Here is how it works: If a fraudster wanted to spoof the hypothetical brand “My Bank,” the email may look something like:

email screenshot

Since My Bank does not own the domain “secure.com,” DMARC will not block this email on My Bank’s behalf, even if My Bank has set their DMARC policy for mybank.com to reject messages that fail to authenticate. This fraudulent email, once delivered, appears legitimate because most user inboxes only present the display name. Do not trust the display name. Check the email address in the header from—if looks suspicious, do not open the email.

Tip 3: Look but don’t click
Hover your mouse over any links embedded in the body of the email. If the link address looks weird, don’t click on it. If you want to test the link, open a new window and type in website address directly rather than clicking on the link from unsolicited emails.

Tip 4: Check for spelling mistakes
Brands are serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.

Tip 5: Analyze the salutation
Is the email addressed to a vague “Valued Customer?” If so, watch out—legitimate businesses will often use a personal salutation with your first and last name.

Tip 6: Do not give up personal information
legitimate banks and most other companies will never ask for personal credentials via email. Do not give them up.

Tip 7: Beware of urgent or threatening language in the subject line
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt.”

Tip 8: Review the signature
Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details.

Tip 9: Don’t click on attachments
Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.

Tip 10: Don’t trust the header from email address
Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address. Return Path found that nearly 30% of more than 760,000 email threats spoofed brands somewhere in the header from email address with more than two thirds spoofing the brand in the email domain alone.

Tip 11: Don’t believe everything you see
Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it


Website by SchoolMessenger Presence. © 2019 West Corporation. All rights reserved.