Avoid becoming phishing bait

posted in: Tech Talk | 0

tech-talkAs we start the new year it’s important to stay watchful for the ever-evolving threat of phishing.

Chemeketa IT will NEVER ask for your credentials in an email and NEVER ask you to authenticate or validate your account by clicking on a link and logging into a non-Chemeketa website.

If you receive any suspicious emails claiming to be IT or another support department asking you to click a link, enter in secure information, or provide any of the private information listed in the examples below call the IT Helpdesk immediately at 503.399.7899 and we will help deal with the threat. You can also create a support ticket by emailing tac@chemeketa.edu.

To help with understanding these phishing attacks, IT has included some general phishing information below. Thank you for your help in making Chemeketa safe and secure.

PHISHING TIPS

Examples of phishing messages:

You open an email or text, and see a message like this-

  • “We have noticed some increase in phishing activities on our network and we are taking a precautionary measure. You are required to validate your account using this link <BAD LINK> so that we can quash any threat to our network.”
  • “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”
  • “During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”
  • “Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”

Information phishers are attempting to gain:

  • Name and username.
  • Address and phone number.
  • Password or PIN.
  • Bank account number.
  • ATM/debit or credit card number.
  • Credit card validation code (CVC) or card verification value (CVV).
  • Social security number (SSN).
  • Birth Date.

Protect these pieces of information and any others that you feel are important by making sure that you scrutinize when and to whom you provide this information.

How to deal with phishing attempts:

Delete email messages that ask you to confirm or provide personal information. Legitimate companies don’t ask for this information via email or text.

The messages look like it’s from some place you do business with. Closely look at who sent the email. It might say something like “My Trusted Bank (scammer@badplace.com)”. Or you might see a slightly mistyped email address like “BancOfAmmerica” instead of ‘BankOfAmerica”.

Don’t reply, click on links or call phone numbers provided in the message. These can direct you to spoof sites – websites that look real but only exist to steal information so scammers can run up bills or commit crimes in your name.  A common trick is to have a link that says something like “www.TrustedLink.com” in an email.  If you hover over it (but don’t click), there should be a text towards the bottom of your screen.  If this link is a bad link, it might look like “www.VeryEvilLink.com” instead of “www.TrustedLink.com”.

Email attachments can also be dangerous. Hackers can imbed viruses in attachments that infect your computer when opened. Be very cautious when opening email attachments, especially if you didn’t request attachments.

If you might have been tricked by a phishing email:

  • Immediately contact Chemeketa’s IT Helpdesk for support at 503.399.7899.
  • You can also initiate a support request via email at tac@chemeketa.edu.

Take a quiz:

CBS News created a small phishing quiz that contains some of the most common phishing methods today.