Phishing Email and Identity Protection
Phishing emails are messages used by hackers and thieves trying to "fish" for personal or financial information. They then use that information to commit identity theft, gain access to your accounts, and hack your computer. Phishers are becoming much more sophisticated and convincing, making it even more important for users to be vigilant in identifying and protecting themselves from these scams.
To help guard against phishing attacks and identity theft, please make note of the following when viewing email:
- No one needs your password. Emails asking you for personal information should be a red flag. There is simply no need to ever give anyone your password. Do not reply to any email or complete any form asking for your password, no matter how urgent they make it seem. This especially holds true to email appearing to come from Concord's Technology Services or helpdesk, we have no need to ask you for your password.
- Think before you click. Be very careful clicking links in emails no matter how legitimate they look, what they say and where they go can be very different. Scammers can easily redirect you to a malicious site that installs malware or ransomware on your pc. If the link is from someone you know, check with them first before clicking and make sure they really sent it, and that their account was not compromised.
Never click a link to change your Concord password, only change it at mypass.concord.edu (hand type the url) or call the IT Helpdesk for assistance.
If you absolutely must know where a url goes, hand type it in the address bar, don't click it.
- Avoid unexpected attachments. If you receive an attachment that you are not expecting, don't open or download it. If you know the person sending it, contact them through other means (don't reply) and ask them if they really sent the attachment. Otherwise it's best to just delete it.
- Look at the sender's email address. If you receive an email from someone with a name you know but the email address doesn't look right, be skeptical. For example, if you receive an email from Apple and the sender's address is firstname.lastname@example.org, this is clearly not from Apple and is a scam.
- Don't send social security numbers in email. If you are an employee or student at Concord, use your 774 ID number only. If it's necessary to give your SSN, do it in person, discretely, or encrypt your email, see www.concord.edu/encryption for more information on email encryption. Technology Services has safeguards to prevent the sending of social security numbers in email, but these are only effective when using university email, the best security is to simply not do it.
- Warning signs and red flags. Sometimes the bad guys generate a very authenticate looking phishing email or scam. Fortunately for us, the majority of phishing emails will have poor grammar, spelling errors, and poor syntax, or just doesn't make sense, this should be a red flag to you.
Another flag is if you were cc'd on an email but you don't personally know the other people.
Asking for personal or account information should be a huge red flag that the message is a phishing attempt.
Be skeptical and look over email closely before clicking or replying.
- Additional steps to take. Make sure the most recent updates are installed on your operating system. As an added layer of defense, internet security software is never a bad idea, but don't completely rely on it to protect you. Do some research on the top internet security software, many software magazines and websites review them on a regular basis.
There is no single fool-proof way to avoid phishing attacks, so if you are still unsure of an email you have received, contact the IT Helpdesk at 304-384-5291 (email@example.com) and we will assist in determining its safety. Also, if you are aware of a phishing email circulating among your friends or coworkers, please report it to the helpdesk.