Phishing & Spoofing

Phishing is a type of cyber attack that utilizes emails or malicious websites to collect your personal and financial information or delivers malware to your machine. Cybercriminals try to hook or bait you to click on a link or open an attachment to infect your machine and create vulnerabilities.

Spoofing attacks disguise email addresses, sender names, phone numbers, and websites that you trust and they use this trust to deceive you. The deception is usually done by changing one letter, symbol, or number within the name of the trusted source. This leads you to believe that you are actually interacting with the trusted source and leads you to inadvertently download malicious content, disclose sensitive information, or even send money.

Here are some examples from the Federal Trade Commission’s OnGuardOnline of what attackers may send to phish for sensitive information:

• “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below, and confirm your identity.”
• “During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”
• “Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”

What Can You Do?

1. Play hard to get with strangers
   If you are unsure about an email sender, do not repond or click any links or open attachments. Consider reaching out to the email sender through a second means of communication to confirm the legitimacy of the email. Always be cautious of emails with generic greetings and emails from strangers.
2. Think before you act
   Cybercriminals attempt to create a sense of urgency to cause you to act immediately. They try to create fear that something is wrong with your account or information. Practice caution with emails that try to get you to act immediately.
3. Protect your personal information
   Cyber criminals try to use your personal information and details about your life to for social engineering attempts to get you to skip normal security protocols.
4. Be wary of hyperlinks
   Avoid clicking on links in emails. It is better to open a new web browser and go directly to the website of the intended company. If you want to click a link make sure to hover over it and confirm and verify the authenticity of the link. Ensure URLs begin with “https.” The ‘s’ indicates encryption is used which can help protect your information.
5. Double your login protection
   Enable multi-factor authentication (MFA) on your accounts.
6. Use strong passwords
7. Install and update anti-virus software
   All your connected devices should have an antivrus software which you regularly update. Consider setting up automatic updates for that software.

How to report

You may report potential phishing and malicious emails with one click from your Fordham Gmail safely and in real-time with the Cofense Reporter Gmail add-on.  On web browsers the Cofense Reporter button (which looks like a fish) will appear on the right side of the page in Gmail and on mobile devices it will appear below the opened email. You can learn more about Cofense here: https://secureit.fordham.edu/cofense-reporter/

Remember to reach out to your Fordham IT team if you are unsure about something or have a question or concern. IT Customer Care can be reached by calling (718) 817-3999 or via email HelpIT@fordham.edu.

Sources: cisa.gov