Tuesday, February 24, 2015

Go Phish?

What is "Phishing"?

Phishing, as Wikipedia defines it, is:
"the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.  Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting public."

The email below is a phishing scam.  Can you find the clues?

How to Spot Phishing:

  1. Check that you know the name of the person sending the email. Even if the name on the email is familiar, that's not enough. Anyone can create an email account with a name that you know.
  2. Check that the email is coming from our domain (...@manhattan.edu). In this example, the email is coming from "...@manasquanboe.org". That's a huge clue that something is not right.
  3. Do not click on suspicious links. Links can be deceptive: a link can say one thing and point to a totally different website. For example, a link whose text reads "this link points to the ITS website" claims to point to our ITS website, but it doesn't actually point there. Tip: Hover over links before clicking on them. When you hover over a link, the website that it points to will appear in the lower left-hand corner of the browser window. If the website does not look legitimate, do not click on the link.
  4. Make sure the email has our ITS Footer. The "ITS help desk, ADMIN TEAM" in the example above is not what an email from us would look like. Our emails will always include the following red footer:

When in doubt:

Call us at (718) 862-7973 or forward the email to us at "ITS@manhattan.edu".