9 Ways to Protect Yourself Against Email Scams
March 20, 2017
Inside Higher Ed recently reported on an increase in extremely sophisticated spear phishing attacks targeting small colleges just like ours.
Spear phishing attacks are emails that appear to be from known or trusted senders. They are cleverly designed to trick recipients into replying with sensitive information.
These emails will appear to come from someone you know or interact with frequently. They could be practically indistinguishable from normal communications with that person.
Even when you receive a communication from someone you trust implicitly, you should always question it.
On the Internet, there is simply no guarantee that anyone is who they seem to be.
Here are nine effective ways that we can protect ourselves from phishing attacks:
- Don’t open unsolicited email messages or web links from unknown senders. On the Internet, anyone can send anyone else an email, and as with all things related to digital communications, distance is irrelevant. Any time you are reading email, you should be as alert as you would be while walking through an unfamiliar neighborhood at night.
- Never send sensitive information in an email. Email messages are sent across the Internet unencrypted, so they can be read at any point along the way. If you wouldn’t put it on a postcard, don’t put it in an email.
- Before submitting sensitive information in a web form, check that the connection is secure. It should be using the HTTPS protocol and present a valid certificate. Pay close attention to the domain name in the address bar.
- Call the company to confirm whenever you’re not sure whether the message is legitimate.
- Type the address of your bank into your browser and log in directly, rather than following links sent to you. Avoid cutting and pasting links from an email message into a new browser window. Many people think that this technique will help them determine whether a website is legitimate; however, phishers can make links appear as if they go to a legitimate site while sending you to another website that they control.
- Never click links within emails that ask for personal or financial information. Hackers can retrieve information from your computer in various ways, including accessing stored information and monitoring keystrokes.
- Never call unfamiliar company phone numbers listed in an email. A common scam asks you to call the phone number listed in the email to update your account information. Sophisticated technology can mask an area code and divert the call to anywhere.
- Be wary of emails that seem urgent. Phishing emails often state that “immediate action is required” in order to tempt you to respond without thinking.
- Pay close attention to the web address if you choose to access a company’s website through an email link. Some phishers register domain names that look similar to the legitimate domain name of a company. If there is any doubt, open a new browser window and type the web address yourself.
As always, if you have concerns or questions about emails that you receive, call our Helpdesk number at 564-4433 for assistance.
Stay up to date with the latest info on this and related topics on our LITS Information Security web page.