Preventing Phishing – Cyber Security Awareness Month 2017

Categories: Cyber Security Awareness Month Security

With the increase in fraudulent emails to Oklahoma State University employees over the past year, now is as good a time as any to develop best practices for keeping your devices malware free and your information secure. October is National Cyber Security Awareness Month and with the help of the Department of Homeland Security and the National Cyber Security Alliance, DASNR IT is here to shed some light on phishing attacks.

Phishing (pronounced “fishing”) is the attempt to obtain sensitive information such as usernames, passwords, and credit card details often for malicious reason, by disguising as a trustworthy entity in an electronic communication.[1]

A phishing email can look like it comes from a financial institution, your favorite online shopping website, or even Oklahoma State University itself. Many of these emails are asking you to act quickly because, for example, your account has been compromised and a recent online order cannot be fulfilled without payment. Stop and think before deciding to click any links or open any attachments that might have come with these emails.

According to Symantec [2] the vast majority of malicious emails will contain links that will take you to websites containing malware or the message will have attachments infected with malware. If you are unsure if an email request is legitimate, try contacting the company directly using information you already know or info that can be easily obtained online.

Phishing, spam, and other scams aren’t limited to just email. Social networking sites such as Facebook are also prevalent with malware. Online advertisements, Facebook status updates, and tweets can also contain malicious links, so “when in doubt, throw it out.” Most online sites, including social networking and media websites, have ways to report spam and phishing as well.

Oklahoma State University has a way to report fraudulent email. You can forward any email you receive to your okstate.edu account and believe to be malicious to spam@okstate.edu which is monitored by OSU IT Security. When they find malware that is contained in the email links or attachments, they can respond to the email administrators and then initiate filters to, hopefully, prevent anyone else from getting the email as well.

Below are some links with more information to help you remain vigilant against phishing attacks and, as always, contact your support specialist if you need any further information.

• https://www.dhs.gov/publication/ncsam-phishing-awareness-2017-poster
• https://www.dhs.gov/science-and-technology/cyber-tip-become-cyber-savvyprotect-against-phishing-attacks
• https://www.dhs.gov/sites/default/files/publications/Phishing_0.pdf
• https://staysafeonline.org/stay-safe-online/online-safety-basics/spam-and-phishing/

[1] https://en.wikipedia.org/wiki/Phishing

[2] https://www.symantec.com/security-center/threat-report