Week TWO: HOW TO SPOT A PHISH
Quick Review: Phishing is a cybercrime that relies on deception to influence people into performing an action that compromises personal information or digital security.
In this five minute session, learn some of the more common phishing hallmarks, what to look out for when reviewing an email, and what to do if you suspect an email is malicious. Miss last week? Review Week 1.
REVIEW SOME PHISHING HALLMARKS
Unfamiliar email address
Check the full email address of the sender. Is the domain name one that you recognize as legitimate, or is it attempting to spoof a real account? Check that the email address matches the name of the sender.
Immediate action needed!
Be suspicious of emails requiring immediate action. Often, phishing emails urge you to take immediate action to keep you from thinking it over too much. Be on the lookout for emails with subject lines such as “Immediate Action Required” or “Suspicious Activity Discovered on Your Account.”
Request for, or changes to, sensitive information
No Davidson employee, legitimate company, or bank should ask you to send confidential data over email. Attackers can use compromised email accounts to send phishing emails to people within their network.
Be suspicious if an email asks for a username, password, account number, or other sensitive information. If in doubt, open up a new tab in your web browser, and navigate to the website yourself.
Suspicious links or attachments
Before clicking on a link, locate the source URL, usually by hovering over it. Make sure that it looks like an address that makes sense given the content.
Davidson uses SafeLinks, which rewrites all email links to help protect you from accessing potentially malicious sites. You can see the original URL within the rewritten link to check for potential threats.
Beware of attachments. Never open an attachment if you’re not sure the email is legitimate or if you weren’t expecting that file.
Notices to Keep You Safe
You'll notice different email tags and warning notices on emails in your Davidson inbox. These are designed to help you identify content you'll want to take extra caution with.
External email warnings
These warnings are automatically applied by Davidson T&I to all emails that originate outside of Davidson College. Some trusted emails from service providers are exempted from this notice.
These notices appear when you receive an email from an address that is close to, but not the same, as emails you've received before.
Google external warnings
Google will let you know when you've received a shared a Google Drive document from outside your organization. Make sure that you were expecting this document share, or contact the purported sender separately to double-check before you click on the link.
Test Your Knowledge
Can you spot when you're being phished? Use what you've learned to ace this interactive quiz.
Immediately report a suspected phishing attack to Davidson Technology & Innovation. T&I can prevent other people from being affected by a phishing attack if it’s reported as soon as possible.
Call 704-894-2900 or forward the email to email@example.com.
Additionally, when in doubt, pick up the phone. Don’t hesitate to call the company, department, or person that the email claims to be from if you are concerned an email isn’t legitimate.
Week 3 Releases October 18
Each week in October we'll release another mini-training to help you become more #cyberaware.