IT Security

Email Scams and Recognizing Them:

Phishing attempts have become more sophisticated and now imitate genuine email more convincingly. Be aware of these warning signs:

  • The message is unsolicited and asks you to update, confirm, or reveal personal identity information (e.g., SSN, account numbers, passwords, protected health information).
  • The message creates a sense of urgency.
  • The message has an unusual “From” address or an unusual “Reply-To” address.
  • The (malicious) website URL doesn’t match the name of the institution that it allegedly represents.
  • The message is not personalized. Valid messages from banks and other legitimate sources usually refer to you by name.
  • The message contains grammatical errors.
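Three of the warning signs above (an unusual “Reply-To” address, a link whose destination doesn’t match the name it displays, and urgent wording) can also be checked automatically. The following Python code is an added example, not part of the original page or any campus tool; the sample message, its domains, and the function names are constructed for illustration, and it assumes a single-part HTML message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real campus email); all domains are placeholders.
SAMPLE = """\
From: "IT Help Desk" <helpdesk@college.example>
Reply-To: verify@mail-support.example
Subject: Urgent: confirm your password today
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Dear user,</p>
<p>Your mailbox will be disabled. Confirm your password at
<a href="http://login.account-check.example/verify">https://portal.college.example/login</a></p>
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain_of(address_header):
    """Return the lower-cased domain of an address header value ('' if absent)."""
    return parseaddr(address_header or "")[1].rpartition("@")[2].lower()

def host_of(text):
    """Return the host if text looks like a URL or bare hostname, else ''."""
    text = text.strip()
    if not text or re.search(r"\s", text):
        return ""  # ordinary link text such as "click here"
    if "://" not in text:
        text = "http://" + text
    host = (urlparse(text).hostname or "").lower()
    return host if "." in host else ""

def warning_signs(raw):
    """List the warning signs found in a raw single-part HTML message."""
    msg = message_from_string(raw)
    signs = []
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        signs.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    for href, shown in LINK_RE.findall(msg.get_payload()):
        shown_host, real_host = host_of(shown), host_of(href)
        if shown_host and shown_host != real_host:
            signs.append(f"link shows {shown_host} but goes to {real_host}")
    if re.search(r"\b(urgent|immediately|within 24 hours)\b", msg["Subject"] or "", re.I):
        signs.append("subject creates a sense of urgency")
    return signs
```

Each hit is a reason to look more closely, not proof of phishing: mailing lists, for example, legitimately set a different “Reply-To” address.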

What is Email Spam and Phishing?

Email spam consists of messages sent to many people, often simultaneously, that either contain web links to Internet websites that host malware or contain executable malware within the message designed to infect the computer when opened. These messages are also called junk e-mail.

Phishing is the term for messages sent to individuals via email or text message with the intent to fool unsuspecting recipients into providing personal information, such as usernames, passwords, and financial account information.  They often employ social engineering tactics by creating messages that appear to be legitimate. These messages can also lure individuals to malware-hosting websites.

Spear phishing differs from phishing in that it targets a specific department, division or college, seeking unauthorized access to protected information. These messages allegedly come from IT support staff or other professionals in a position of authority from within the targeted department, division or college. As with phishing, these emails will attempt to trick users into divulging personal or financial information or their credentials, or to entice them into clicking on a link that could install malware on the computer.

Phishing Email Dos and Don’ts:

  • DO look for a digital signature/certificate as another level of assurance that senders are legitimate.
  • DO use common sense. If you have any doubts, DON’T respond. Contact the Cypress Help Desk at 47157 if you have any questions.
  • DON’T open email that you suspect may not be legitimate. If it is legitimate and the sender needs to reach you, they will try other means.
  • DON’T ever send credit card or other sensitive information via email.
  • DON’T open email or attachments from unknown sources. Many viruses arrive as executable files that are harmless until you start running them.

For more information, visit the Spam and Phishing alerts page on our Academic Computing website (http://www.cypresscollege.edu/academiccomputing/), where you can see examples of messages received by the campus.

External Resources:

  1. Anti-Phishing Working Group (http://www.antiphishing.org/)
  2. OnGuardOnline.gov (http://www.onguardonline.gov/phishing)
  3. PhishTank (http://www.phishtank.com/)