February 8, 2019
Phishing is the most popular cyberattack in the digital world today. Cybercriminals use various channels (email, text, phone call) to lure victims into clicking links that install malware, or to trick them into divulging confidential information such as passwords, credit card details, and other personal details. Social media platforms, such as Facebook and Instagram, are also prone to phishing. While these platforms typically offer security controls to help prevent phishing, cybercriminals are adept at getting around them.
Think You Are Already a Pro at Recognizing Phishing Messages?
If you think that you already know all there is to know about phishing, head over to Google's recently launched online phishing quiz [1] and test your knowledge.
Tips to Avoid Phishing
The landscape of phishing messages is constantly evolving, but you can limit the damage by being proactive. We understand that identifying phishing can be challenging, but if you pay attention and follow these tips, you can avoid phishing attacks.
- Always inspect the sender's address to confirm it matches the organization the message claims to come from (e.g. your bank would never send an email from a Gmail account).
- Avoid clicking on questionable links - these links could redirect you to phishing sites or sites that install malware.
- Carefully check the email content - phishing attempts often have spelling or grammatical errors.
- Don’t fall for offers that are too good to be true - confirm the source and don't provide personal information.
- Carefully inspect the URLs (hover over an embedded URL to ensure the hyperlink matches the source)
- Beware of "fake news" - always confirm the accuracy and source of information claiming to be news on social media platforms.
- Don’t open any attachments received from unreliable sources.
- Check out resources on your social media platforms. For example, Facebook offers a number of tips on preventing phishing here [2].
- Read more about how to recognize phishing attempts [3]
What To Do If You Receive A Phishing Message in Your UofG Account
- Do not respond or open any links in the email until you have confirmed it is safe.
- Never give your password to anyone. UofG will NEVER ask for your password or login information.
- Check our Recent Scams and Phishing Attempts page [4]. If the scam is listed there, delete the email.
- Follow CCS on Twitter (@uofgccs [5]) to receive up-to-date phishing scam alerts, along with other IT security alerts and tech information.
- If you receive a phishing attempt which is not listed on the CCS website or Twitter feed, please forward it to the CCS Help Centre at IThelp@uoguelph.ca [6].
- Report security incidents to the CCS Information Security team via our website https://infosec.uoguelph.ca [7].
Be aware and be safe!
Written by: Satnam Deol (Cyber Security Analyst, Information Security)