A message from TSS: How to protect against phishing

5 simple ways to protect against phishing attacks and how to report issues to TSS.

1. Be sensible when it comes to phishing attacks.
You can significantly reduce the chance of falling victim to phishing attacks by being sensible and smart while browsing online and checking your emails. Be wary of emails asking for confidential information – especially if it asks for personal details, username & password, or banking information. Legitimate organizations will never request sensitive information via email. “When unsure, it is always safe to delete suspicious messages.”

It is also important to note that agencies of Shoreline Community College will never ask for your username or password over email to validate or change your services. You use your SID and PIN to access your sensitive information.

2. Watch out for shortened links.
You should pay particularly close attention to shortened links. Cybercriminals often use these – from “Bitly and other shortening services – to trick you into thinking you are clicking a legitimate link, when in fact you are being inadvertently directed to a fake site. Cybercriminals use these ‘fake’ sites to steal your entered personal details or to carry out a drive-by-download attack, thus infesting your device with malware.

Despite what the link might say, hovering your mouse over the link will often reveal where it is really taking you. If the site destination does not match information in the email or the link itself, do not click on it.

3. Does that email look suspicious? Read it again.

Plenty of phishing emails are obvious. They will be punctuated with plenty of typos, words in capitals, and exclamation marks. Impersonal greetings, such as “Dear Customer” or “Greetings,” are common. Cybercriminals will often make mistakes in these emails to get past spam filters. If you ever have suspicions about an email from someone you know, reach out to them and ask, “Hey, is this from you?”.

4. Be very wary of threats and urgent deadlines.
Sometimes a reputable company does need you to do something urgently, but in these instances, they will usually direct you to contact them via their website, not a link to click. Usually, threats and urgency are a sign of phishing and should arouse suspicion. Ignore the scare tactics and contact the company outside of the received email, via their website or a phone call.

5. How do I prevent this from happening again?
Always be cautious of email messages containing links, conveying a sense of urgency, or requesting personal, sensitive information. When in doubt, deleting these types of messages is always a safe course of action.

Reporting phishing to Technology Support Services:
When creating a Help Desk Ticket to advise TSS about a suspicious email, it would be helpful to include these things:

1) That this is an FYI message for us
2) That you did not click on any links or type credentials of any kind or
3) You did respond to the phishing email, supplied your credentials, and now believe your email and account might be compromised along with any other details about actions performed or information provided.

TSS will instruct you to log into the SCC website, go to A-Z index at the bottom of the main site, find the “Employee Password Reset,” and follow those instructions. Once that is complete, please contact TSS or reply to your ticket and we will unblock your email.

Phishing emails are a constant occurrence, as some slip through even the tightest of filters. The above tips should become part of everyone’s daily email management routine, both professional and personal.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s