Phishing Email

Eventually, a phishing email will show up in your inbox. It happens to everyone.

An email claims to be from your bank, the IRS, or the ECU IT Department or Help Desk. You may be asked to log in or provide your personal information. The message looks legitimate, but it’s really a trick to obtain your login credentials and steal confidential data, or fool you into downloading harmful attachments.

More than 90% of data breaches start with a phishing attack. Don’t take the bait! Besides typical phishing emails that cast a wide net to a large number of individuals, without targeting a particular victim, you should also be aware of more elaborate phishing attacks such as spear phishing and ransomware.

Spear Phishing

Spear phishing is a targeted attack, often directed at a specific individual or department that appears to be from a trusted source. Criminals may use social engineering tricks such as pretexting, which involves creating a false narrative to gain trust and influence behavior. They may use psychological manipulation and pressure tactics, such as impersonating a supervisor or high level official while making time-sensitive demands. For example, a major data breach that impacted all employees at Tidewater Community College happened when an employee in the finance department responded to a data request from an attacker impersonating a college official.

Ransomware

Ransomware is a type of computer virus that infects systems and prevents access to critical files and data until you pay a ransom. An increasing number of phishing emails involve ransomware attacks. The City of Greenville, NC, was the victim of a cyber attack involving ransomware that brought down systems for an extended length of time, with the attackers demanding ransom while holding data hostage. Higher education institutions are main targets for ransomware attacks. University College London was the victim of a ransomware attack that originated with phishing emails and encrypted network storage, leaving students and staff locked out of their files.

Prevent - Think Before You Click

  • Be skeptical. Do not click links or attachments you’re not sure are legitimate. NEVER reveal your passphrase to anyone. Legitimate businesses  including ECU  will NEVER request personal information through email.

  • Verify a sender. Call the business using a phone number from their website, the back of a statement, bill or credit card. DO NOT click the links in the email.
  • Be careful of attachments. Be especially cautious when opening attachments or clicking links if you receive an email containing a warning banner indicating that it originated from an external source.
  • Keep your anti-virus software regularly updated.
    • Windows Defender (included with Windows 10)
    • XProtect included with macOS
    • Antivirus software from any reputable vendor.
  • Update your computer and software. Install the latest patches and updates for your operating system and other software.

React

If you receive a suspected phishing email, here's what to do:

  • DELETE any email that asks for your personal information.
  • Mouse over any links to check the URL. Don't click a link in an email without checking it first!
  • Official ITCS email communications always match the display name and email address. Examples:
    • The ITCS Notification email address is always "ITCSNOTIFICATIONS@ECU.EDU."
    • Phishing emails mask the true address. Mouse over "IT HELPDESK," and the address is something like, "joesmith@someotherdomain.com."
  • If you do provide account information to a malicious site, CHANGE YOUR PASSPHRASE IMMEDIATELY at the Passphrase Maintenance website.
  • Call the IT Help Desk at 252-328-9866 | 800-340-7081 about any possible phishing email or other scam message.

Report

Reporting a phishing or spam email helps ECU better protect all users. To report a suspected phishing email, please forward the message to phish@ecu.edu or submit a security concern to ITCS. To learn more about phishing, visit the Federal Trade Commission.

100% helpful - 1 review

Details

Article ID: 67368
Created
Tue 10/22/19 12:36 PM
Modified
Thu 7/9/20 3:45 PM