8 tips to protect yourself against phishing

On request of the university, cyber security company Fox IT sent a phishing mail to 2000 employees. About 9 percent of the addressees clicked on the malicious link and became ‘infected’. Luckily, it was only a test, but phishing e-mails are commonplace. To prevent becoming a victim of malicious e-mails, Chief Information Officer Dado Grozdic has eight tips for you.

1. Limit what you share online

The less you share about yourself, the smaller the target you are for a phishing attack. Cybercriminals use information you post online to learn how to gain your trust.

2. Protect your credentials

No legitimate company or organization will ask for your username and password or other personal information via e-mail. The University definitely won’t. Still not sure if the e-mail is a phish? Contact your IT help desk.

3. Beware of attachments

E-mail attachments are the most common vector for malicious software. When you get a message with an attachment, delete it unless you are expecting it and are absolutely certain it is legitimate. If you’re not sure, call the sender at a number you know is legitimate to check.

4. Check the sender

Phishing messages can look official. Cybercriminals steal organization and company identities, including e-mail addresses, logos, and URLs that are close to the links they’re trying to imitate. Check the sender’s e-mail address. Any correspondence from an organization should come from an organizational e-mail address. A notice from your college or university is unlikely to come from [email protected].

5. Trust your instincts

If you get a suspicious message that claims to be from an agency or service provider, use your browser to manually locate the organization online and contact them via the website, e-mail, or telephone number that you looked up— not what was provided in the message.

6. Take your time

If a message states that you must act immediately or lose access, do not comply. Phishing attempts frequently threaten a loss of service unless you do something. Cybercriminals want you to react without thinking; an urgent call to action makes you more likely to cooperate.

7. Don’t click links in suspicious messages

If you don’t trust the e-mail (or text message or post), don’t trust the links in it either. Beware of links that are hidden by URL shorteners or text like “Click Here.” They may link to a phishing site or a form designed to steal your username and password.

8. File a report at the IT front office

You are probably not the only one who has received this phishing email. Prevent others from falling victim to the attack and report to the front office as soon as possible if you think you are dealing with phishing: [email protected].