Phishing Awareness and Tips

Reducing the number of victims of phishing incidents helps reduce the risk of a potential information security breach.


Email Rules for the Road:

1. No drive-by email; this includes your cell phone! Not paying close attention to your actions can have negative results.

2. Verify the sender address first (does it look suspicious?).

3. Review the subject line; does it include a sense of urgency?

4. Are there obvious grammatical errors in the note?

5. Verify the legitimacy with your Tier 1 or the IT HelpDesk before responding, clicking links or opening attachments.

6. Utilize email encryption (Send Secure) to protect sensitive data sent outside the University.

 

What is phishing: 

Phishing is a scam by which a user is duped (as by a deceptive e-mail message) into revealing personal or confidential information which the scammer can use illicitly. Examples include passwords or banking information. These messages can come in the form of a money-making opportunity, such as working from home, or gift cards. Occasionally they convey a sense of urgency that demands immediate action, such as issues with your email account. Many of these request a log-in to a web page that steals your user name and password, which are then used to access your email. These messages are easier to spot if you watch for the following: bad grammar, misspelled words, or an external email domain. See below an actual example of a phishing email recently received on campus.


Recent Phishing Example:

From: firstname.lastname.louisville.edu@gmail.com
Date: April 22, 2019 at 2:09:03 PM EDT
To:
Subject: Urgent Request

Available? 

==

UNIVERSITY OF LOUISVILLE

================================

Follow-up Email Response: 

Okay!

I'm in a meeting right now and that's why I'm contacting you through here. I should have called you, but phone is not allowed to be used during the meeting. I don't know when the meeting will be rounding off and I need you to help me out on something very important right away. 

Thanks!

================================

3rd Follow-up Email Response: 

Okay!

I need you to help me get an ITunes gift card from the store around there, I will reimburse you back when I get to the office. I need to send it to someone and it's very important cause I'm still in a meeting and I need to get it sent Asap. it's one of my best friend son birthday. 

Thanks!

================================
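
The sender and subject checks from the rules above, applied to the From and Subject lines of the recent example. This is an added illustration, not code from the University or IT; the function name, the urgency keyword list and the internal sample address in the comments are assumptions constructed for this example.

```python
import re
from email.utils import parseaddr

ORG_DOMAIN = "louisville.edu"  # organization domain, as seen in the example above

# Constructed keyword list (assumption); tune it to your own mail stream.
URGENCY = re.compile(
    r"\b(urgent|asap|immediately|right away|action required)\b", re.I
)


def sender_findings(from_header, subject, org_domain=ORG_DOMAIN):
    """Return a list of reasons the message deserves a second look."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    findings = []

    # Internal means the org domain itself or one of its subdomains.
    internal = domain == org_domain or domain.endswith("." + org_domain)
    if not internal:
        findings.append("external sender domain: " + (domain or "(none)"))
        # The org domain appearing left of the @, or in the display name,
        # makes an outside address read like an internal one at a glance.
        if org_domain in local or org_domain in display.lower():
            findings.append(
                "org domain embedded in external address or display name"
            )

    if URGENCY.search(subject):
        findings.append("urgency wording in subject")
    return findings


if __name__ == "__main__":
    # Headers from the recent phishing example above.
    for reason in sender_findings(
        "firstname.lastname.louisville.edu@gmail.com", "Urgent Request"
    ):
        print(reason)
    # Constructed internal address for comparison: no findings.
    print(sender_findings("Jane Doe <jane.doe@louisville.edu>", "Lunch menu"))
```

An empty result does not show that a message is legitimate, because the From line can be forged; verifying with your Tier 1 or the IT HelpDesk still applies.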


Strategy suggestion:

Please check the IT Phish Bowl web page (no log-in required) to see the latest threats and check it again before responding, clicking on a link or opening an attachment from a suspicious email message.

It is also recommended that you bookmark the Phish Bowl site and set your browser to launch this page automatically every day to remind you to verify the latest threats. The site also includes instructions for submitting phishing examples to IT so that they can validate them for you before you take action. You can also contact the IT HelpDesk at 852-7997 for assistance.

 

How to set your startup page in Chrome:

  1. On your computer, open Chrome.
  2. At the top right, click More > Settings.
  3. Under "On startup," select "Open a specific page or set of pages".

How to set your startup page in Microsoft Edge:

  1. In Microsoft Edge, select Settings and more > Settings, and then scroll down to Set your homepage.
  2. In the drop-down menu, select A specific page, enter the URL https://louisville.edu/its/phishbowl, then select Save.

If you don't catch the phish, the phish will catch you.