Cybersecurity
Preventing Phishing and Spoofing Attacks
Learn more about phishing scams and how you can protect yourself and Spring Hill College.
Phishing Attacks
Phishing attacks are emails disguised as being from a legitimate source that attempt to get the receiver to reveal sensitive information. Phishing attacks are common at all businesses, and colleges and universities are no different.
Spring Hill College uses Google Workspace as our email platform which offers several tools to protect us from phishing attacks but no method is perfect. If you receive a suspicious email – do not open it or click on any links. Please immediately mark the email as SPAM in the Gmail interface.
Spoofing
Spoofing is a type of email impersonation to trick the receiver into completing an action. The display name that shows in your email account is easy to change. Bad actors can change their display name to be from a person or company you know and trust (like your bank or the college president). The easiest way to check for spoofing is to hover your mouse over the sender’s display name. The email address the message was sent from will pop up and you can determine if it is from a trusted source.
Also look for
Key Things To Check:
The email address and not just the display name of a sender should be checked.
The email itself may have misspellings or be in an urgent tone.
You may be asked for personal information.
Phishing and spoofing attacks can be successful if just one person in the organization clicks a link, downloads a malicious attachment or completes the task from the phished email. We have to be vigilant as a community to keep ourselves safe from phishing attacks.
Recognizing Phishing and Spoofing Attempts
The message...
Is unsolicited
Requests urgency
Does not embody the correct "tone" of the sender, or contains obvious misspellings or grammatical errors
Contains verbiage like "I am using my personal email" because of this or that
Appears to be from someone important to the college, but is not from an shc.edu email account
Is sent from an email address that is similar to legitimate SHC email accounts (shcpresident@gmail.com)
Is too good to be true
Asks for personal or financial information
Embeds suspicious web links (forms are particularly dangerous)