Cybersecurity

Recognize Phishing Attempts

Phishing emails often contain one or more of the following:

• Sense of Urgency or Threat: The message asks you to act immediately, often threatening consequences like account suspension, service interruption, or financial/legal trouble if you don't click a link right away.

• Request for Sensitive Information: The sender asks you to reply with, or click a link to "verify," personal data like your password, Social Security Number, credit card number, or other credentials. Legitimate organizations rarely request this via email.

• Suspicious Sender Address: The email address is slightly misspelled, uses an incorrect domain (e.g., a bank email coming from a @gmail.com address), or doesn't match the sender's name.

• Generic Greetings: It uses a general salutation like "Dear Valued Customer," "Dear User," or "Dear Account Holder," rather than addressing you by your full name.

• Unexpected Attachments or Links: You receive an attachment you weren't expecting (especially files like .zip, .exe, or documents you didn't request), or the email's entire purpose is to make you click a link.

If You Respond to a Phishing Message

Take these steps if you provided your Smith username and password in response to a phishing scam, or if you believe your Smith email has been compromised for any reason:

• Change your password immediately.

• If you have used this same password for any other sites or services–especially financial sites–then change those passwords. (Reminder: do not use your Smith password on any other systems.)

• Check your Smith email account and other Smith accounts that you have delegated access to. Check filters and rules to make sure there aren’t any new ones that you didn’t create. Check both Sent and Trash to see if there are messages that you don’t recognize.

• Contact ITS User Support to request help and get additional instructions, which often depend on the situation. Include the email subject line and the date and time you responded.

• Review Google security information. To review Google security settings and recommendations for your account, select the Google Apps grid (9-dot matrix), found in the upper right-hand corner of your Gmail screen, then select Account. (Alternatively, go to myaccount.google.com.) From the left sidebar menu, select Security and review the information, including any security issues found.

Report a Calendar Phishing Attempt

Report these calendar events as Spam.

• Open the calendar event and select the three dots on the top right, then select Report Spam at the bottom of the list of options. 

• The event will be removed from your calendar.

Adjust Calendar Settings to Help Prevent Phishing

You can adjust the settings for which events appear automatically in your calendar. 

• From your Google calendar, select the Settings menu (gear icon) at the top of the screen.

• Select Settings.

• Select General from the left sidebar, then select Event Settings.

• Select the dropdown under Add invitation to my calendar and choose an option:

  • • From everyone (all calendar invites appear on your calendar)

    • Only if the sender is known (only invites from known senders, including your contacts and other people at Smith, will appear on your calendar)

    • When I respond to the invitation in email (calendar events are not added until you respond to an email invitation)

Visit the Google help article Manage Invitations in Calendar for more details about each option and a quick video of the process.