During the last few years, we have seen an increase in phishing attacks due to the shift to work-from-home jobs. These attacks come in different forms, so it is essential to understand and learn what these attacks consist of to prevent them from harming you. CSUN is always hard at work implementing features to stop phishing attacks coming into CSUN and onto its users. Nonetheless, it is still crucial that you take extra precautions to stay ahead of these attacks and minimize threats to your online presence. Knowing what to look for and what not to do when encountering a phishing-like threat is a great way to start.
Types of Phishing
Spear Phishing
These attacks on a user are typically through email to gather sensitive information about the user. These emails can look like they are from a legitimate service such as Netflix, asking you to sign in to your account. Once you sign into the fake login, the attacker can extract your login credentials for their nefarious use.
- Look at the sender's email. Most of the time, the sender's email is not a part of the company's email domain.
- Look for spelling errors.
- Do not click on any links sent by these emails.
- Block the email sender.
Whaling Attacks
Cybercriminals use this type of attack to impersonate a senior player at an organization and target other individuals within the organization. For example, you may receive an email pretending to be your boss or co-worker asking for sensitive information. Cybercriminals aim to gain this sensitive information, such as credentials, to gain computer system access.
- Look at the sender's email and confirm if that is their email.
- Look for unusual and out of the ordinary requests.
- Do not click on any links within the email.
- Follow up with your higher-up for confirmation of identity.
Vishing Attacks
These attacks are the fraudulent practice of making phone calls purporting to be from reputable companies to trick individuals into revealing personal information. Common vishing attacks include compromised bank or credit card accounts, Medicare or Social Security, and IRS scams. Remember the following:
- Government agencies never inquire by calling
- Screen calls from unknown numbers
- Do not give out personal information such as SSN, bank, or credit card information.
- Do not press buttons or respond to prompts
Before You Click
Before you click on any links, hover over the desired link to verify the website you will be redirected to. DO NOT click on links sent in suspicious emails or instant messages, as they may appear legitimate but may be malicious. When in doubt, go directly to the desired website rather than click on a link.
Never Give Out Personal Information
Generally, you should never give out personally identifiable information to any source you do not trust. Some phishing pages will redirect you to a specifically crafted webpage where they will ask you for information. If you hover over the URL link, you may be able to tell if the website is legitimate. Most often, companies will have their name in the URL. Be wary of any email asking for any personal information. Before sending any information, make sure the email is legitimate or by making sure it is not coming from a malicious email. Do not open any files unless you are aware of what contents are in the file.
Return to October National Cyber-Security Awareness Month
Follow along each week of October as we give tips to help keep your online life safe and secure. Share your appreciation for NCSAM with #BeCyberSmart and #CyberAware.
