How to Recognize a Phishing Attempt
During the Fall 2008 semester, several different email phishing attacks found their way past Skidmore spam filters and into the inboxes of some students, faculty, and staff. These attacks seem to be more and more frequent and are also becoming increasingly clever. A successful phishing attack can have serious consequences for both the individual victim and the college computer systems as a whole. The good news is that phishing attacks can be fairly easy to recognize as long as you remember a few key rules.
First, however, what is a phishing attempt, and why do the attackers do it in the first place? A typical phishing attack wants one thing – your password. While some attacks will try to steal personal information such as a credit card or social security number, most phishing attacks we see at Skidmore want your user account information. A typical phishing attack will come via email and will seem to be from an authoritative source. The message will usually threaten to delete your account if you don’t respond quickly with your username and password. Some of the more advanced attacks have a link that brings you to an official-looking webpage where you are asked to log in. The page might look official, but it’s just an elaborate trick to steal your username and password.
Armed with your username and password, the attacker will hijack your email account and bombard the outside world with spam. For a spammer, sending vast quantities of messages from a legitimate account increases the likelihood that the mailings will make it through spam filters all over the world. If your account is hijacked, not only can this make your email virtually unusable, it is also possible that other organizations will begin to block email sent from Skidmore in an attempt to stop the spam that is now coming from the college’s systems. Over the past several months, Skidmore has ended up on several email “blacklists” for this very reason, and getting removed from these blacklists can often be a long, arduous process.
IT recently instituted a new security policy in which everyone must change his or her password annually. As part of this process, emails are sent to remind students, faculty, and staff when it is their turn to change their password, along with instructions for doing so. Since this is a relatively new policy, these notifications have caused some confusion, and several people have questioned the validity of this legitimate message from Skidmore IT.
If you know what to look out for, most phishing attempts can be easily recognized. Here are some key rules to follow when determining the validity of an email.
• The IT department will NEVER ask for your password through email. NEVER email your password to anyone for any reason.
• Pay close attention to the email address of the sender. Real messages will always come from an @skidmore.edu address. If you cannot see the email address, try placing your mouse cursor over, or clicking on, the sender’s name.
• Phishing emails will very often contain misspelled words or bad grammar. While this isn’t always the case, it can be a good indicator.
• Official emails will have very specific information and give a clear timeline of events if action is necessary. Many phishing attacks will give a false sense of urgency to try to trick you into responding before you have a chance to think.
• Always be cautious with links inside an email. If you are following a link and are asked to enter your username and password, make sure that you are on a real Skidmore site.
• Official emails will always be signed with an individual’s name and usually have contact information. If in doubt, call to verify the email.
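As an added illustration (not part of the original article), the following Python script applies the rules above to a raw email message and lists the warning signs it finds. The skidmore.edu domain comes from the rules above; the two sample messages are constructed for the example, not real mail, and the phrase lists are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the college's own domain, taken from the article's "@skidmore.edu" rule.
TRUSTED_DOMAIN = "skidmore.edu"
CREDENTIAL_ASKS = ("username and password", "reply with your password", "confirm your password")
URGENCY_PHRASES = ("immediately", "within 24 hours", "will be deleted", "will be suspended")

def is_trusted_host(host):
    """True only for skidmore.edu itself or a real subdomain of it (not look-alikes)."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def message_text(msg):
    """Concatenate the text/plain parts of a parsed message."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join(p.get_payload(decode=True).decode("utf-8", "replace") for p in parts)

def phishing_indicators(raw_message):
    """Apply the article's rules to one raw email and return the warning signs found. The
    From: header is attacker-controlled, so an empty list is a triage hint, not proof."""
    msg = message_from_string(raw_message)
    findings = []
    _, sender = parseaddr(msg.get("From", ""))
    if not is_trusted_host(sender.rpartition("@")[2]):
        findings.append("sender is not an @%s address: %s" % (TRUSTED_DOMAIN, sender or "<none>"))
    text = message_text(msg)
    lowered = text.lower()
    if any(p in lowered for p in CREDENTIAL_ASKS):
        findings.append("asks for account credentials by email")
    if any(p in lowered for p in URGENCY_PHRASES):
        findings.append("pressures the reader with urgency or a threat of deletion")
    for url in re.findall(r"https?://[^\s<>\"')]+", text):
        if not is_trusted_host(urlparse(url).hostname):
            findings.append("link leads off %s: %s" % (TRUSTED_DOMAIN, url))
    return findings

# Constructed sample messages modelled on the article's description; not real mail.
SUSPECT = """From: "Skidmore IT Help Desk" <helpdesk@skidmore-support.example>

Your mailbox will be deleted within 24 hours unless you confirm your
username and password at http://skidmore.edu.account-verify.example/login
"""
LEGIT = """From: "Jane Doe" <jane.doe@skidmore.edu>

Please change your password at http://www.skidmore.edu/forms by Nov 15.
Questions? Call the help desk at ext. 5900.
"""
```

Calling phishing_indicators(SUSPECT) returns four findings (sender, credential request, urgency, off-site link), while phishing_indicators(LEGIT) returns an empty list.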
If you think that you have been sent a phishing attempt through email, forward it to the help desk (firstname.lastname@example.org). Not only can we help you determine the message’s validity, but if it does turn out to be a phishing attempt we can block the return address so that no one at Skidmore can reply with his or her account information. If you think that you may have sent your password in reply to a phishing attempt, change your password immediately at http://www.skidmore.edu/forms or call the help desk at ext. 5900 for assistance.