Introduction

This page explains what phishing scams are

...

, and how they work.

Here is a sample phishing email:

[Image: sample phishing email]

To learn how to protect yourself

...

from phishing attacks, see Protecting yourself from phishing attacks.

...

Phishing Defined

"Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication." (Source: Wikipedia)

...

The Difficulty of Combating Phishing

There are two main reasons phishing attacks are so difficult to stop:

  1. Phishing email at Biola comes from legitimate email accounts that were compromised when a Biola community member was fooled into handing over their username and password. Unlike traditional spam, which is easily identified by where it originates or by the bogus accounts used to send it, this phishing email comes from valid biola.edu addresses, so standard tools can't detect and flag it automatically.

  2. Biola students and alumni, who tend to be most vulnerable to these schemes, also hold the most numerous types of accounts in our Google Apps domain. If even a small fraction of them fall for the scam, the effect on the broader community can be significant.

 

...

  1. Pause and think before you click. If you get a message and aren’t sure if it’s legitimate, delete it, or contact the IT Helpdesk using one of the methods listed in the sidebar to the left.

  2. Biola IT (or Google) will never close your accounts suddenly. Malicious actors love to prey on fear and uncertainty to get you to make a hasty decision.

  3. Be very skeptical of links in emails or attachments that take you to anything with a login screen. It’s better to type the address manually into your browser than to click. The following links take you to different websites; can you spot the fake without visiting the site?

    1. Gmail.com

    2. Gmail.com

  4. IT will never ask you for credentials or other sensitive information via email, text, or telephone.

 

How to Respond If Your Account Has Been Compromised

If you clicked on the link in a phishing email and submitted your NetID credentials, please navigate immediately to login.biola.edu and do the following:

  1. Reset your NetID password.

  2. Confirm that the personal email address listed is yours; if not, please remove it.

  3. Notify the IT Helpdesk immediately. This may allow them to secure the account before malicious actors can use it.

If you clicked on the link but did not submit your NetID credentials, no further action is needed. Simply delete the email.

If you need help, contact the IT Helpdesk using one of the methods listed in the sidebar to the left.

...