How to Recognize Phishing and Other Scams

Key on a circuit board

(CC BY-SA 2.0/Flickr user wuestenigel)

October is National Cyber Security Awareness Month. This is the second article in a four-part series on security brought to you by Geneseo’s Information Security Program Team.

Determining what is a phishing email and what is not can be difficult. Spotting a phish can get easier with practice. The following links provide quizzes and games designed to help prepare you for recognizing the next phish. 

https://www.sonicwall.com/en-us/phishing-iq-test
https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
https://www.opendns.com/phishing-quiz/
http://smartermsp.com/quiz-can-outsmart-phishing-scam/ 

The way to protect yourself from phishing and other scams is always to be suspicious and use common sense. Phishing and scam emails try to trick you by coaxing you with a “click here” to fix a problem or by offering a “too good to be true” opportunity. When in doubt, don't click. Never log in to a website from a link in an email. Instead, go to the website directly and sign in to see if there are any signs of strange activity. If you're concerned, change your password. Always think before you click, and never give out your password or financial information by responding to an email.

Don’t hesitate to contact the CIT HelpDesk in Milne Library for help with a questionable email at (585) 245-5588.

Here are a few examples of real phish/scam emails that have been seen at Geneseo or other SUNY Colleges.

  • A group of international students was led to believe that a contact on WeChat could get them a great currency conversion rate if the students used the contact to pay their bills. The contact requested the students' college user IDs and passwords and then proceeded to pay the students' bills using stolen credit cards. When the students saw that their bills were paid, they transferred payments to their contact via Venmo, iPay, or a similar service. Several weeks later, the college began receiving notifications of charges from people who did not have affiliations with the college. The FBI was contacted and found that the WeChat account originated from a computer in Canada, the credit cards used to pay the students' bills were from a bank in Japan, and because the students were in their home countries, not the U.S., the FBI had no jurisdiction in the case.
     
  • Geneseo students received an email to their college email accounts from “IT.” The email stated that they had exceeded one or more size limits set by the “Network Administrators.” The students were asked to click on a link, where they were asked to enter their login information.

  • Over 1100 Geneseo students received an email stating that a new "professor" needed a student worker who could work four hours a week for $300. Interested students replied to the professor via a non-Geneseo account. The professor then emailed a check to the student for $2450 with instructions on how to deposit it. Fake check scams often include refunding a portion of the check in cash before the deposited check is discovered to be fraudulent.
     
  • Geneseo account holders received an email from “IT” saying that it suspected a security breach and in order to prevent further damage, account holders needed to change their password through a provided link.

  • Geneseo account holders received an email saying that the sender had their password and knew a secret about them. The sender threatened to share the person’s secret unless they made a payment by bitcoin. The amounts requested have varied.

Author

Sue Chichester
Chief Information Officer
(585) 245-5577