Cybersecurity Awareness

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks.

Social engineering is a general term used to describe how bad actors manipulate individuals into giving them access to personal information.

Phishing is the most common form of social engineering for stealing an individual’s personal information like IDs or passwords, or for installing malware which can be used for various purposes including ransomware attacks.

Phishing

Phishing attacks are easier to avoid when you know how to spot them.

How to avoid being a victim of phishing

Never click links and attachments in any email that you are not expecting or that look suspicious.
Check the sender's email address to ensure it's legitimate.
Double-check the URL of a link before clicking on anything.
Call the company or person directly using a known phone number.
Use the phish alert button to delete and report the email in one step.

Learn how to read a website address or an email address to avoid phishing

Read the domain right → left: check the registered domain (the label immediately to the left of the top level domain (.com, .edu)

How to Spot the Real Website Name

Look after // and before the next /.
Ignore anything that comes before the main name.
The real site is the last two parts before the first slash.

Example:
https://login.accounts.google.com → real site is google.com
https://paypal.login-secure.com → real site is login-secure.com (not PayPal!)

Hover over links (or long-press on mobile) to reveal the real URL — look for the registered domain.

Beware of unusual punctuation, extra words, or long chains of subdomains.

Prefer typing the known URL or using a saved bookmark rather than clicking links in emails.

Check for HTTPS certificate and the certificate’s registered organization (for sensitive sites).

Use two-factor authentication (2FA) when available.

When in doubt, search for the organization’s site in a search engine (don’t click emails) or call the organization directly using a number you already trust.

Report Phishing

Use the Phish Alert Button in Gmail. This removes the email and creates a ticket for our technology team to investigate.
Create a screenshot of the email and send to tech@blair.edu if you are unsure.

Phish Alert Button

To make it easier for users to report potential phishing emails, we enabled a software button in all faculty and staff Gmail accounts. Please be aware that your Gmail may prompt you to ‘accept’ this feature before fully activating it.

Once activated, the phish alert button will look like an orange hook in Gmail and will appear across the top menu when you open an email.

When you receive an email you suspect may be malicious, press this button to report it. It will automatically delete the email from your inbox and also report the suspicious email to the Technology Office by automatically generating a support ticket. If the email was part of a phishing test launched by our office, you will get a notification that you correctly identified the phish.

If you use Outlook for email, please send in a ticket so our team can install the version for Outlook on your computer.

Report abuse