We’ve all heard the news about the computer hacking incidents at Sony, Anthem, and even the Department of Defense. What you may not know is that hackers often take advantage of the heightened fear over protecting sensitive information that follows these types of incidents by soliciting victims’ passwords and other account info via phishing emails.
Many of you have seen these types of emails before. Some are easy to spot, such as those promising millions of dollars from a long-lost relative if you simply supply your bank account information for the wire transfer. (Trust me, if I had a rich relative, I’d know about them already.) Or how about the one requesting that you wire money immediately to help one of your friends who was mugged while traveling abroad? (Were we really that good of friends anyway?)
On the other hand, some of these emails may appear very legitimate. They usually arrive in your inbox with an alarming subject line warning that your password has expired or is not strong enough to protect your account. These emails encourage victims to click on a link to update their password immediately. However, victims who fall prey to this scheme are actually providing hackers access to their login info.
Many victims remark on how convincing the emails were (some emails, like the one above, even contain official company branding). Most victims say they were merely trying to protect their account and follow instructions. After all, isn’t that what us IT guys always say? “Update your passwords often!” However, if you follow these 2 rules, you should be able to avoid getting hooked in a phishing scam.
1. If in doubt, DELETE it! – If something looks suspicious, just throw it away. It is always best to play it safe and err on the side of caution. If you think it might be real, check the sender’s address. If you don’t recognize the sender, delete the email or contact the sender to verify the validity of their request.
2. Check Before Entering Your Password – Don’t ever enter your password, unless the website has the following:
- Encryption – the web address must show https or the lock icon
- Matching Domain – the web address should match the organization
While it is perhaps best to simply never supply sensitive information over email, we are fortunate enough to belong to a small community here at Pepperdine where it is easy to verify if someone legitimately needs your personal info. I personally abide by the old adage “if someone really needs my information, they’ll call (or write) back.” So please help protect yourself and Pepperdine’s network by following the above guidelines to avoid phishing scams.
If you would like more information on how to recognize and eliminate phishing email, please visit Pepperdine University’s Phishing Information Page, check out the phishing FAQ, or view Examples of Phishing and suspicious emails.
TIP: Remember, you can always view the full address of a hyperlink by simply hovering over the link without clicking on it. If the address isn’t linking to a trusted site, DON’T CLICK!
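The two checks in rule 2 and the hover tip above can also be run over an email's HTML body. The following Python code is an added example, not part of the original article; the trusted domain `pepperdine.edu`, the function names, and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "pepperdine.edu"  # assumption: the organization's own domain

# Constructed sample message body (not a real email); hosts use reserved example names.
SAMPLE_EMAIL = """
<a href="http://pepperdine.edu.account-update.example.net/reset">https://www.pepperdine.edu/password</a>
<a href="https://pepperdine.edu@login.example.net/">Update now</a>
<a href="https://www.pepperdine.edu/">Pepperdine home page</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> tag, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_link(href, domain=TRUSTED_DOMAIN):
    """Return why a link fails the checks (empty list = passes). The host must equal
    the domain or be a true subdomain; merely containing the name is not a match."""
    parts = urlsplit(href)
    host = (parts.hostname or "").rstrip(".")
    problems = []
    if parts.scheme != "https":
        problems.append("not https")
    if host != domain and not host.endswith("." + domain):
        problems.append("domain mismatch")
    return problems

def audit_email(html, domain=TRUSTED_DOMAIN):
    collector = LinkCollector()
    collector.feed(html)
    return [(text, href, check_link(href, domain)) for href, text in collector.links]

if __name__ == "__main__":
    print(*audit_email(SAMPLE_EMAIL), sep="\n")
```

Both checks have to pass together: a link that is https but points at a mismatched domain still fails, and the visible link text (the first sample link) says nothing about where the link actually goes.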