Protect Yourself from Phishing. Don’t Take the Bait!

SU’s observance of National Cyber Security Awareness Month focuses on the most challenging and widespread information security issues. Among the most pervasive and powerful threats is phishing, a method of attack that uses human nature to victimize people by getting them to perform certain actions or divulge private information.

The Bait:        emails with embedded links, often with specific, private information about or regarding you

The Net:         links to fake web sites that look like the real thing

The Hook:      offers too good to be true, or reasonable-sounding requests from apparently trustworthy sources, including your colleagues, friends and family

The Prize:      access to your social security number, bank accounts, credit cards and computer resources

The Cost:       your money, your privacy, your credit rating, your time, your reputation, your peace of mind

Don’t take the bait! The Internet is riddled with email and phishing scams, hoaxes, fake web sites and other schemes that hackers and identity thieves conjure up to trick you into revealing personal and confidential information. Often these appear to come from what sound like official SU services (“Syracuse Tech Support”), and seem well acquainted with you. They’ll request passwords, social security numbers, bank account numbers and other information that you should never reveal via email or on a web site. They might ask you to “update,” “validate” or “confirm” your account information. These messages link to websites that look just like those of legitimate organizations. But they’re not. They’re bogus sites whose sole purpose is to trick you into giving out your personal information so the perpetrators can steal your identity, run up bills or commit crimes in your name. These attacks are increasingly more sophisticated, targeted and devious.

Every piece of unsolicited email should be looked at with a cautious eye. If you’re suspicious of any message you receive, please contact Information Technology and Services (ITS) for assistance. It’s best to not open any email from senders you don’t recognize.

Be wary of any email that requests personal information or directs you to click on an embedded web link within the email. ITS, SU and other reputable organizations will NOT ask for this type of information via email. When in doubt, DON’T CLICK!

Phishing attacks clutter mailboxes and waste University computing resources. Some contain malware that can compromise personal computers (including Macs) and the SU network. Com­promised machines found on the Syracuse University Network will need to be rebuilt.

The good news is that together we can defend against phishing attacks.  Thanks to the combination of ITS’s email filtering software and your security awareness and good practices, phishing attempts can be recognized and stopped. Follow these tips to protect yourself and the University from phishing attacks:

• Be suspicious of any email that asks you to click on a link. Verify that the sender is actually who they appear to be before clicking on any links.
• Verify the URL of any link before you click it by hovering your cursor over the link and examining the URL. If you don’t recognize the URL, don’t click it.
• Never open attachments unless you have verified that the sender is actually who they appear to be in the message.
• Delete any suspicious emails, before opening them if possible.
• Don’t provide credentials to a website if you are not 100 percent sure of its validity. One good technique is to provide false credentials on first try to ascertain if it is a valid site.
• Keep your computer software updated and patched.
• Make sure your computer’s firewall is installed and running.
• Remember that nobody at SU will ever ask for your NetID or password for any reason, in any form other than when you’re logging in to an SU system. If somebody does, they’re not representing the University or any if its offices. Report any such occurrences to  itsecurity@listserv.syr.edu.

If you need more information, or assistance with verifying any email messages, please do not hesitate to contact your local IT support team or the ITS Service Center (if you’re a student) at 315-443-2677 or help@syr.edu.

To receive timely notification from ITS of current information security updates and news follow SecurecUse on Twitter and Facebook. For more about information security, visit SecurecUse.syr.edu.

Find out more! Please join ITS’s Information Security team at a live workshop on October 29. The workshop will feature a talk by our Director of Information Security, Christopher Croad, and demonstrations of security threats and ways you can counter them. The hour-long workshop will be held in room 304 in the Schine student Center at 11:30 a.m., and includes pizza and great giveaways for all attendees.