It may look like an innocent email from your bank, or even mimic a familiar website. But, that attachment you just opened from a ‘safe’ email address is a phishing scam aimed at harvesting your identity and stealing your personal information. Say goodbye to the phrase “it will never happen to me.”
According to USF’s ITS website, “Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.” The dangers of phishing are more than real, as attackers mimic trusted websites that you are familiar with, claiming that they are your bank, delivery service, or even family member. By opening a link or attachment from an email sent to you from an unverified source, your machine could become a victim to a ‘drive-by download’ or infected attachment whereby malware is embedded into a website or attachment in an attempt to attain your private information and steal your identity. This material can be used by an attacker for many different purposes‒and all done under your name‒which can lead to unsafe and unwanted consequences.
“Any email user, company, institution, etc. can be a target of phishing attacks, and USF falls into this scope targets,” commented Nick Recchia as I asked about USF’s recent decision to implement PhishMe, a faculty/staff phishing education program. Following Fordham University’s adoption of PhishMe, USF is the second AJCU school to leverage this service.
ITS has continued to strengthen measures against real phishing scams, and further protection from these dangers will develop through educating the targets of phishing scams‒USF faculty and staff. PhishMe provides education by way of simulated phishing attack emails. In a real attack you may get lured in, click a link, and not know what is going on or what will happen until it is too late. However, in a PhishMe simulation after clicking on a link (or opening an attachment) you’ll receive instant feedback that your action was not wise and education material will be presented.
Over the course of a semester, faculty and staff can expect to receive up to six PhishMe related phishing simulations through this newly implemented program at USF.
Phishing scams can come from any email address and any company, and while ITS is doing as much as possible to prevent attacks and malware from entering the USF network, ultimately it is your decision to open an email or mark it as unsafe ‘spam’. So, when checking your emails on a daily basis, take a few seconds to decide whether to double-check that the link you are about to open, or the attachment you are asked to download is authentic, verified, and safe. After all, it is much easier to spend a few seconds double-checking an email than it is to deal with stolen personal information.
For more information on PhishMe, the dangers of phishing scams, and solutions to dealing with phishing attacks, please visit http://www.usfca.edu/its/security/seta/phishme/