Over the last few months several OAISD Employees have received phishing attacks and spoofed emails, creating potential for their accounts or personal data to be compromised.
Spoofed messages are a type of spam that is designed to look like they came from a person or organization that may be familiar to you. The message could also look like it was meant for someone else, but was sent by you accidently.
Phishing is a specific type of spam that tries to trick you into login ID’s, passwords or credit card numbers. In most cases phishing isn’t trying to sell you something, but attempting to fool you into thinking something bad will happen if you don’t follow through with the request or responding to a threat or sounding threatening. The goal is to collect personal and financial information or infect your computer with malware and viruses.
Spear phishing is a much more specialized phishing attack focusing on smaller groups and individuals. Spear phishing is targeting you as an individual, they may refer to you personally “Hi Sally”. The email may reference a recent online purchase, a “mutual friend” and requesting you take action, sometimes sounding threatening or too good to be true offers.
Example, Sally works in the accounting department and she just received an email from her CFO (spoofed) requesting she send a report of last weeks payroll including staff names and Social Security numbers. The CFO’s email address was correct, the email seemed legitimate, the email was directed to her, Sally sent the information requested.
How are cyber hackers retrieving this information about you? Your web presence! Cyber hackers scan social media sites, twitter, looking for your email address, and your friend list. Maybe you posted on social media that you just bought a new bike from company xyz and you love it! Hackers could spoof the company xyz email and send you an email about a special promotional that company xyz is offerring you because you bought a bike from them. Maybe a special phone mount for your bike, you just need to click on the link and it’s free! DON’T click on the link! Instead call company xyz and find out if this is legitimate.
What can you do to protect yourself? If you receive an attachment from a colleague and you weren’t expecting one, don’t open! Give them a call and double check.
Think before you automatically open attachments. Too good to be true? Probably!
Secure passwords – join IT’s Cool jibe stream to learn more on strong secure passwords.
If you are concerned about an email that you have recieved, or may have accidently clicked on an email that is suspicious, please call the Help Desk immediately for assistance.