Phishing Awareness

Suspect a phishing email? Report it by forwarding the email message to phishing@brandeis.edu or contact the Technology Help Desk at 781-736-4357. 

Make Phishing Attacks History

"More than half of U.S. organizations faced successful phishing and/or ransomware attack in 2019" [1], and many of those attacks began with social engineering, ranging from simple to sophisticated. Social engineering is the use of deceptive communication to convince the target or recipient to do something the cybercriminal wants them to do. Social engineering attacks commonly focus on generating a sense of urgency in a message that appears to come from a trusted contact.

The more sophisticated attacks begin with research, where a cybercriminal reaches out to a target to gain information and resources. Often, it is a stranger claiming to be someone you trust, such as your employer, IT department, or a business you work with. When someone contacts you and asks you open-ended questions, this may be the first step of a social-engineering attack. 

Phishing Attacks 101

Social engineering attacks most commonly arrive by email, where they are known as phishing emails. Phishing can also occur in other forms, such as texts or phone calls. Most commonly, a phishing email uses a sense of urgency to direct the victim to a website designed to steal the victim's account credentials. Some phishing attacks are straightforward (for example, "Update your password now!!!!") and can easily be detected because they are typically not well written, with poor grammar and word choice. However, some attacks are sophisticated: they look like they come from someone you trust, are well written, and lead to a site that closely resembles a legitimate website.

What You Can Do

Technological solutions like spam filters do a good job of blocking the most common phishing emails, but you are the last line of defense. With your help, we can keep you, your account, and Brandeis resources safe and secure and make phishing attacks a thing of the past. 

Keep the guidelines below in mind to help identify and avoid phishing messages.

  • Be on guard. If you don’t recognize the sender, the message may be a phish.
  • Read between the lines. If the email contains unexpected spelling or grammatical errors, it's probably not a legitimate email.
  • Beware before you share. Never give away personal information such as passwords, credit card numbers, or Social Security numbers. Go directly to a company’s website to verify its communications, and don’t use links within suspicious emails.
  • Look but don’t click. Recognize the links? Hover your mouse over any link(s) before clicking to review the web address. If the link address looks strange, don’t click it.
  • When in doubt, throw it out. Even if you know the source, if something looks suspicious, delete it and report it.

Reference

[1] Jessica Davis, "Ransomware, Phishing Attacks Compromised Half US Orgs in 2019," HealthITSecurity, January 28, 2020.