MU Information Security Alert…
Don’t get hooked by a holiday e-mail scam!
Phishing is a fraudulent process used by spammers to acquire sensitive information from users such as usernames, passwords, and credit card details. Email recipients are often deceived by phishing attempts since messages appear to be sent by legitimate and trustworthy sources.
ALWAYS be wary of unexpected e-mail messages (regardless of the apparent source) which include file attachments, web URL’s, or are written with a sense of urgency for you to provide computer passwords or reveal personal financial information.
During the holiday season, we expect cyber-criminals to continue to attempt to trick us into sharing sensitive information with these types of messages:
• An ‘urgent fraud alert’ sent from your bank or other financial institution;
• An ‘online order is delayed’ notice from an online retailer;
• A ‘click-here-for-too good-to-be-true’ coupon or rebates;
• An ‘attempted-delivery-rescheduled’ notice from UPS, FedEx or other shipping service when you might be expecting a package.
If you receive one of these messages…
Please protect yourself by following the principle of STOP-THINK-CONNECT:
• STOP. Do not act too quickly.
• THINK. Do I have an account with this bank? Did I order something from this online retailer? Am I expecting a delivery notice? If not, then you should delete the e-mail message.
• CONNECT. If you are a customer of the organization, then connect safely in the following manner: Do NOT respond using any URL included in the e-mail. Rather, open your web browser and type in the web address or use a previously saved shortcut to connect to your bank, retailer, or shipping service. If there really was a problem with your account, order or shipment, it should be apparent.
If you receive an obviously fraudulent e-mail message….
We ask that you take the following actions:
1) Please delete the message from your inbox if it is obviously fraudulent.
2) As long as you did not attempt to open the attachment, reply/click on the web link, or provide any personal information, no additional action is needed; however
3) If you attempted to open an attachment or visited a website where you submitted your username, password or other sensitive information, you should immediately contact the Marshall IT Service Desk at (304) 696-3200 / firstname.lastname@example.org.
Protecting Yourself From E-mail Fraud (aka Phishing)
InfoSec Tip #7: Don’t Be Tricked
Thank you for your continued awareness,