
Tips for Staying Safe Online – Seton Hall University


Phishing scams are designed to trick you into revealing sensitive personal information
(e.g. passwords, credit card numbers, Social Security Number), which can then be used
for fraud or identity theft. Keeping informed about these types of scams is the most
effective method for deterring cyber criminals.
Take proactive steps to safeguard your personal information by learning how to identify
common phishing scams and how to report them.

Fraudulent Job Offers

Job offer scams begin with contact from the scammer, usually by email, inviting you
to apply for or start a job.
These job offers are often unsolicited, meaning you never applied or interviewed for
the job. A telltale sign of this type of scam is the unusually desirable work conditions,
such as short hours, easy work, lots of money, and the ability to work from home.
With fraudulent job offers, the cybercriminal may direct you to a URL to enter your
Seton Hall credentials in an effort to access your personal information or request
that you make a financial transaction, such as depositing a check.
It’s important to remember that no legitimate employer will send payment in advance
and ask the employee to send a portion of it back. DO NOT provide any personal information,
especially social security numbers or financial/banking information.

Quick Requests or Favors

Recipients usually receive a very informal email from what appears to be a known sender
from the Seton Hall community, such as a coworker or peer, asking if they can do a
quick favor. If the sender receives a reply, they typically explain that they are
in need of a favor because they are stuck in a meeting and ask the recipient to buy a
certain amount of gift cards. The scammer will then instruct the victim to scratch
off the codes on the back and send pictures of the code numbers.


Past Due Payment Notification / Order Confirmation

There are two methods to this scam. In the first, a user may receive an invoice with
an email demanding payment for services rendered or products purchased. In the second, the recipient is told that their payment is confirmed and a receipt
is attached. The user is then instructed to call a provided number if they have any
questions.
Calls are most likely met with a very friendly person on the other end who cheerfully
says they can do a full refund and asks the recipient for their credit card information to process
the refund. Once the credit card information is given, the scammer hangs up and starts using the
card before it can be reported as stolen.

Password or Account Expiration

In this scam, the recipient is notified that their password or account is about to
expire and is directed to click a button in order to keep using it. Typically,
the button links to a fake Microsoft login page used to steal the user’s login credentials.

Shared Document

An email informs the recipient they have received a shared document and includes a
URL. When the user clicks, they are taken to another page to continue to the shared
document. Ultimately, the user is led to a fake Microsoft login page used to steal the user’s
login credentials.

Phishing Email Checklist

  1. Unverified or Unknown Sender Information 
    Scammers will often customize the sender’s display name to be familiar and general.
    Check the full email address of the sender to ensure that the domain name (what follows
    the @ symbol) matches the apparent sender.  Also, check for email addresses that resemble the
    name of a well-known company (@shu.edu) but are slightly altered by adding, omitting,
    or transposing letters (@shu.com).
     
  2. Spelling and Grammar Mistakes 
    Pay special attention to how an email is worded, and look for spelling, punctuation,
    and grammatical errors.  Poorly written emails are often a telltale sign of a phishing
    scam.
     
  3. Urgency and Ultimatums 
    Messages that convey a sense of urgency are designed to make you respond immediately
    without thinking.  Additionally, messages about contests you did not enter or offers
    for goods or services at an unbelievable price are likely fraudulent.
  4. Incorrect Links and Unexpected Attachments
    The URLs or hyperlinked words in a phishing email are often masked, meaning the link
    you see does not direct you to the address displayed. Instead, users who click are
    directed to a different, usually illegitimate, website.  Before you click, hover your
    mouse pointer over links and hyperlinks, and a small pop-up window will appear showing
    you the true destination of where the click will take you.   

You’ve Been Phished.  Now What? 

If you recognize that an email sent to you is a phishing email, report it!  Click
the “Report Phish” button, located in the top navigation of your email account, to
send the email to IT Security for investigation.  If you are unable to find the button,
or it doesn’t work, open a ticket with the Technology Service Desk by forwarding the
phishing email to [email protected].  

If you accidentally clicked on a link or provided any information before recognizing
the phishing attempt, close the page and immediately change the passwords of any compromised
accounts.  If you’ve provided credit card or banking information, contact your bank
and financial institutions to make them aware of the situation.  Lastly, report the
phishing attack to Information Security to receive recommendations for additional steps. 

To learn more about steps you can take to protect yourself, visit: www.shu.edu/technology/phishing-scams.cfm
