Phishing Awareness and Tips

Reducing the number of victims of phishing incidents helps reduce the risk of a potential information security breach.


Email Rules for the Road:

1.      No drive-by email this includes your cell phone! Not paying close attention to your actions can have negative results. 

2.      Verify the sender address first (does it look suspicious)?

3.      Review the subject line; does it include a sense of urgency?

4.      Are there obvious grammatical errors in the note?

5.      Verify the legitimacy with your Tier 1 or the ITS HelpDesk before responding, clicking links or opening attachments. 

6.      Utilize email encryption to protect sensitive data sent outside the University.

 

What is phishing: 

Phishing is a scam by which a user is duped (as by a deceptive e-mail message) into revealing personal or confidential information which the scammer can use illicitly. Examples of this can include (passwords, or banking information). These messages can come in the form of an opportunity for a money making opportunity like working from home or gift cards. Occasionally they include a sense of urgency that includes immediate action including issues with your email account. Many of these include a requested log-in to a web page that steals your user name and password credentials and consequently uses them to access your email. It is easier to spot these messages if you watch for the following; bad grammar, misspelled words, or an external email domain. See an actual example below of an phishing email recently received on campus.


Recent Phishing Example:

From: firstname.lastname.louisville.edu@gmail.com
Date: April 22, 2019 at 2:09:03 PM EDT
To:
Subject: Urgent Request

Available? 

==

UNIVERSITY OF LOUISVILLE

================================

Follow-up Email Response: 

Okay!

I'm in a meeting right now and that's why I'm contacting you through here. I should have called you, but phone is not allowed to be used during the meeting. I don't know when the meeting will be rounding off and I need you to help me out on something very important right away. 

Thanks!

================================

3rd Follow-up Email Response: 

Okay!

I need you to help me get an ITunes gift card from the store around there, I will reimburse you back when I get to the office. I need to send it to someone and it's very important cause I'm still in a meeting and I need to get it sent Asap. it's one of my best friend son birthday. 

Thanks!

================================

Additional Information:

For additional information please go the ITS phish training page at: https://louisville.edu/its/phishbowl/bkup/phish-training. You can also contact the ITS HelpDesk at 852-7997 for assistance.

 

 

If you don't catch the phish, the phish will catch you.