It’s only the first day of classes and we have our first phishing attempt. Criminals are using the craziness of the first day back and lack of awareness by the newest members of our community to try to steal your personal information. If you receive an email with the following message, please delete it. If you did click on the link, please contact the IT Help Desk immediately at 214-768-HELP. This message was not sent from the University and is a phishing attempt.
If, in the future, you have any questions about the validity of a message, please feel free to contact the IT Help Desk at 214-768-HELP.
Web links rewritten by new anti-spam feature
On Tuesday, July 2, SMU implemented a new feature as part of our anti-spam defense that rewrites web links considered questionable in inbound emails. The purpose of the rewrite is to prevent phishing and malware scams by forwarding certain web requests to a proxy service for analysis. While some benign links might be rewritten, the service protects against “zero-hour” exploits where the threat could be unknown. If a link is still considered suspect at the time it is clicked, you will receive a prompt to either decline or proceed to the website in question.
The URL rewrite policy was recently adjusted on Thursday, July 7, and our team will continue to monitor the service to ensure that the policy is neither too lenient, nor too aggressive when rewriting the web links. Please contact the IT Help Desk at help@smu.edu if you have any questions regarding this change.
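The sketch below is an added illustration of how link rewriting with a click-time check can work; it is not SMU's or the anti-spam vendor's code. The proxy address, the trusted-domain policy, the blocklist, and the sample message are all assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qs, quote, urlsplit

PROXY = "https://urlproxy.example.edu/check"   # hypothetical proxy endpoint
TRUSTED_SUFFIXES = ("smu.edu",)                # assumed policy: these hosts are not rewritten
HREF_RE = re.compile(r'href="(https?://[^"]+)"', re.IGNORECASE)

# Constructed sample message body: one University link, one lookalike link.
SAMPLE = ('<p><a href="https://www.smu.edu/OIT/Infosec">Infosec</a> '
          '<a href="http://login.smu.edu.account-verify.example/reset?id=7&t=1">Reset</a></p>')

def is_trusted(url):
    """True only when the host is a trusted domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def rewrite_links(html):
    """Delivery time: point every untrusted link at the proxy, keeping the
    original URL percent-encoded in the 'u' parameter."""
    def repl(match):
        url = match.group(1)
        if is_trusted(url):
            return match.group(0)
        return 'href="%s?u=%s"' % (PROXY, quote(url, safe=""))
    return HREF_RE.sub(repl, html)

def original_url(rewritten):
    """Recover the original destination from a rewritten link."""
    return parse_qs(urlsplit(rewritten).query)["u"][0]

def click_verdict(rewritten, blocklist):
    """Click time: reputation is checked when the link is opened, so a site
    reported after the email was delivered is still caught."""
    host = (urlsplit(original_url(rewritten)).hostname or "").lower()
    return "prompt" if host in blocklist else "forward"

if __name__ == "__main__":
    link = HREF_RE.findall(rewrite_links(SAMPLE))[1]
    print(link)
    print(click_verdict(link, set()))                                      # unknown at delivery
    print(click_verdict(link, {"login.smu.edu.account-verify.example"}))  # reported later
```

A trusted list that is too broad lets lookalike hosts through unrewritten, while one that is too narrow rewrites benign links; that is the lenient-versus-aggressive balance described above.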
New Email Phishing Simulations Coming Soon
Phishing attempts are email messages sent by hackers pretending to be your friends, coworkers, or trusted companies. These emails try to lure you into revealing your personal information, such as your passwords, credit card numbers, or bank account numbers, with alarmist-sounding messages. Some may even direct you to an official-looking website requesting such information. These websites may also be infected with computer viruses or other forms of malicious software. Phishing messages have the potential to damage our IT infrastructure and expose sensitive University data.
Due to the increased volume of recent phishing attempts, SMU’s Information Security Team is launching another round of the phishing awareness program, AntiPhish. This program will send simulated phishing emails, analyze how SMU employees respond to these messages, and track the success of employees in recognizing and deleting phishing emails. For those falling victim to the phishing attempts, the Information Security Team will offer training tools to help employees learn how to avoid falling victim to phishing messages. The phishing simulations will take place at SMU in the coming weeks.
As a reminder, if you receive any email message that appears malicious or asks for confidential personal information, Information Security asks that you do the following:
- Contact the IT Help Desk or your local IT Support group regarding the email.
- Delete the email from your mailbox without clicking on any hyperlinks or attachments.
For valuable resources and other information, please visit the Information Security website at www.smu.edu/OIT/Infosec.
If you have questions about the upcoming phishing simulation or training tools, please contact the IT Help Desk at 214-768-4357 (HELP).
Phishing Exercises Coming Soon.
No. It’s not about fish doing Zumba.
Twice per year, SMU conducts a simulated phishing exercise where the University sends a simulated phishing message to employees based on the types of phishing messages we have most recently received. Last year, over 100 SMU accounts were compromised due to users falling victim to these attacks, so we are committed to reducing our click-through rate through user education and awareness. When we started the simulated phishing awareness campaigns in 2013, we saw a 40% click-through rate. In 2014, we reduced that click-through rate to 20%. In our first campaign of 2015, that number had dropped to just 10%.
Identify Online Shopping Scams
By Rajat Shetty
During the holiday season, cybercriminals’ potential victims are often caught up in the frenzy of shopping, finding the best deals, and acting quickly to take advantage of limited offers. Email and social networks are clogged with sales and offers, both legitimate and fraudulent. Sometimes haste causes shoppers to miss the warning signs of a fraudulent website.
Avoid Suspicious Websites
Make sure you cross-check the contact info before submitting your payment details. In many cases, fake websites put up incorrect contact info like a wrong phone number or an incorrect address. A few other warning signs of suspicious websites are lots of broken links, grammatical mistakes, and spelling errors. If in doubt, don’t check out!
Verify the Web Address (or URL)
Before you type in any credit card numbers at checkout, check the Web address, or uniform resource locator (URL), of the payment page and make sure it’s using a secure connection. You should see either the character string “https://” before the website URL, or a small icon of a green padlock. Also, make sure the URL is correct, and not a slight misspelling of the real address or a random URL.
For example, check the snapshots below for the official website of Beats headphones. The first one is the original website, whereas the second website is a fraudulent one having the exact layout and font style as the original website. The difference is, when you pay by credit card or debit card on the second website, you are not going to receive any headphones (not even a fake one!).
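The same three checks (secure connection, slight misspelling, random URL) can be automated. This is an added example, not part of the original article; the store domains are constructed placeholders, and the edit-distance threshold of 2 is an assumption.

```python
from urllib.parse import urlsplit

# Constructed list of stores the shopper actually uses.
KNOWN_STORES = {"example-headphones.com", "example-store.com"}

def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete a character
                           cur[j - 1] + 1,             # insert a character
                           prev[j - 1] + (ca != cb)))  # substitute a character
        prev = cur
    return prev[-1]

def site_host(url):
    """Lower-cased hostname with a leading 'www.' removed."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def check_payment_url(url):
    """Return a list of warnings; an empty list means all checks passed."""
    warnings = []
    if urlsplit(url).scheme != "https":
        warnings.append("not-https")
    host = site_host(url)
    if host not in KNOWN_STORES:
        # A host within two edits of a known store is a likely misspelling.
        near = sorted(s for s in KNOWN_STORES if 0 < edit_distance(host, s) <= 2)
        warnings.append("lookalike-of:" + near[0] if near else "unknown-site")
    return warnings

if __name__ == "__main__":
    for url in ("https://www.example-headphones.com/checkout",
                "https://www.examp1e-headphones.com/checkout",
                "http://example-store.com/pay",
                "https://example-headphones.com.pay.example/checkout"):
        print(url, check_payment_url(url))
```

The second URL uses “https://” and would show a padlock, yet it is still flagged: the padlock only shows that the connection is encrypted, so the hostname comparison is what tells the real store from the copy.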
Use Caution when Shopping by Phone
Although it can be convenient, use extra care when shopping with your smartphone. Phones are more susceptible to malware, as most do not have antivirus software. Also, it’s highly unsafe to store your credit card or debit card information on your phone. Only buy from trusted and familiar websites when you shop through your smartphone, and use a password-protected internet connection. Never shop over unsecured public Wi-Fi. Remember, it’s always better to check twice before clicking the OK button. People lose thousands of dollars in their haste to snag online deals. Protect yourself from becoming a victim of fraudulent websites by exercising caution before giving out your credit/debit card details.