6 Tips from ITap to Help You Detect Phishing Emails

27 Oct

Phishing image22.pngKirsten Gibson, technology writer, Information Technology at Purdue (ITaP), 765-494-8190, gibson33@purdue.edu

Falling for a phishing scam or accidentally downloading malware can be expensive. It could result in identity theft or ransomware taking your files and data hostage. Your personal information, time and money are all, obviously, valuable to you.

Taking the time to review tips and advice about cyber-security could end up saving you money and a headache.  purdue it phishing security.jpg

In the past month alone, Purdue’s security team diverted campus users 2,537 times from a known phishing site to a Purdue-supported educational page about phishing. And those are only the known phishing sites students, staff and faculty were exposed to from scam emails.

“The primary purpose of phishing is to collect sensitive information and exploit it to gain access to otherwise protected data,” says Franco Cappa, director of information security services for ITaP. “Everyone who works for Purdue is vulnerable to phishing scams.”

The most important thing to remember is that anyone can fall victim to phishing if they’re not paying attention and taking proper precautions. Here are some warning signs that you’ve received a phishing email:

  • The message contains general salutations and signatures. Most phishing attempts begin with generic phrases such as “Greetings valued customer” or “Dear account user.”
  • The URL link is an unsecure address. Emails containing Web links should always be scrutinized. One way to verify a link’s legitimacy is to hover your mouse cursor over embedded links and make sure the link uses encryption (https://).
  • The sender requests personal information. Messages soliciting passwords, Social Security numbers and other personal information are most likely scams.
  • The message asks you to take immediate action. Hackers want you to respond without thinking. Watch out for language directing you to update an account, download an attachment, visit a website or give out personal information.
  • The message contains a suspicious attachment. Legitimate organizations, including Purdue, rarely send attachments via email. Opening attachments can cause automatic malware downloads or lead to compromised personal information.
  • The email promises something too good to be true. Any message offering a cash scholarship or an increase in email storage quota with a single click is a scam.

When you see suspicious email in your Purdue inbox, report it to abuse@purdue.edu with the email included as an attachment.

To attach an email in Windows using Outlook with Purdue’s Exchange service, create a new message and choose “Attach Item” from the drop-down list on the message menu bar. Then select “Outlook item,” and attach the email in question.

On a Mac, right click or control click the suspicious message and choose “Forward Special” and “As Attachment” from the drop-down list.

For additional cyber-security information, and free anti-virus software, check out the SecurePurdue website.

For more ITaP news, follow us on Facebook and Twitter.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: