Don’t fall for phishing

In today’s interconnected world, email is an integral part of our lives. However, as the digital landscape continues to evolve, so do the tactics employed by cybercriminals.

One particularly concerning trend is the rise in email impersonation attempts and phishing.

Phishing emails look legitimate but are designed to trick individuals into revealing personal information, such as passwords or credit card numbers. They may include embedded links that can also lead to the installation of malware — software designed to cause damage to a computer, device or system.

“When faculty, staff and students use computers on campus, Concordia’s firewall and desktop tools provide a certain amount of protection. Now, with people using their own phones or computers more often, we often don’t know what level of protection is available on their home devices,” says Mike Popoff, chief information security officer at Concordia’s Instructional and Information Technology Services (IITS).

“That’s why users should be hypervigilant. It’s important for people to recognize phishing emails, which usually have a call to action or a link or ask for credentials or personal info.”

Popoff emphasizes the importance of adopting a proactive stance against these threats. To that end, he shares some actionable tips to help keep safe from phishing emails as well as from being impersonated:

Avoid getting reeled in by phishing

Most people’s inboxes are full of dubious messages. Here are some simple ground rules for identifying unwanted email:

• Unsubscribe from legitimate senders. This will keep your inbox clean so you can focus on spotting real attacks.
• Never click links from unknown senders, even the “Unsubscribe” link. Play it safe by deleting the email or using the “mark as spam” feature to help block future messages.
• Be intensely skeptical of any email from someone you don’t know. When in doubt, delete.
• Be aware of what you share online. Online quizzes that ask for personal data can be used by spear phishers to gather information for potential security questions.
• Stay alert for suspicious requests from otherwise trusted individuals, such as unexpected wire transfers or requests to disclose sensitive information.
• Be wary of emails with a tone of urgency, even if they seem to be from trusted sources. Alarmist emails try to provoke you into making hasty decisions. Instead, follow up with the person directly.

Other ways to remain vigilant

The main goal of phishing is to trick you into performing a desired action such as clicking a link, downloading an attachment or filling out a form. Here are a few warning signs to look out for:

• Multiple addressees on the “To:” line should be examined carefully.
• Messages that address you generically, such as “Account Holder” or “Customer,” are a sign that the message may not be from a trusted source.
• Keep an eye out for spelling errors. Big companies and social networking sites check their spelling in form letters prior to sending them out.
• Beware of links within messages, especially if they don’t display where they are taking you.
• Attachments can be serious threats. Opening them can introduce malware into your system. Any attachments, especially unexpected ones, should be regarded with suspicion.
• Be wary of forms that ask you to enter personal information like your password. If you’re unsure, try navigating to the website using an official link.

Tips to avoid being impersonated

Here are some ways to protect your personal information and the Concordia community:

1. Be cautious with personal information: Avoid sharing sensitive personal information, such as your email address, password or security-question answers, through email or other insecure channels. Be particularly wary of requests for personal information in unsolicited emails.
2. Use your Concordia email accounts for communication: Concordia’s email infrastructure is carefully managed by IITS with strong security settings, access controls and advanced spam and malware features in place to safeguard sensitive information.
3. Be consistent with your communication channels: When you consistently use the same email address, it becomes familiar to the people you regularly communicate with, which helps build trust and reduces the chances of falling for impersonation attempts.
4. Regularly monitor your email account: Keep an eye on your email account for any unusual activities or suspicious emails that may indicate someone is impersonating you.

It is equally important to practice good security habits, such as using strong and unique passwords, enabling multi-factor authentication and keeping your devices and software up to date.

Beyond individual changes, students are encouraged to watch these short information capsules, and faculty and staff should complete Concordia’s impersonation awareness training as well as the mandatory phishing training to stay up to date on ways to reduce data breaches.

“We are all in this together. If you suspect an email to be fraudulent or encounter any suspicious activity, please report it immediately to IITS,” says Popoff.

“Your vigilance can make a significant difference in protecting yourself and the Concordia community.”
 

Visit the Concordia’s IT Security page to learn valuable information about protecting your identity.