Don't Fall for These Phishy Tricks
Need to know newsletter from the UC Office of Information Security
Phishing emails are one of the most common cybersecurity threats. With about 319 billion emails sent and received each day, users need to be on high alert for phishing attacks.
According to Proofpoint’s 2021 State of the Phish report, 75% of organizations around the world experienced a phishing attack in 2020. 74% of attacks targeting US businesses succeeded.
But knowing that phishing emails are out there and dangerous is not enough. It’s important to be able to recognize one. Here are some tips from the University of Cincinnati's Office of Information Security:
An urgent phishing email is designed to get you to act fast. It might tell you that your account was hacked or is going to be deactivated — click here to restore it!
Unfortunately, urgent phishing messages are common because they work. Fear makes people do things without thinking, so slow down!
Another type of phishing email asks you to verify your account by logging into a (fake) webpage or clicking a button to update your credentials.
These types of emails can collect your username and password, giving a hacker instant access to your account.
Hackers will try to impersonate someone at your company, real or fake. They might impersonate someone in the HR department, IT department or even a coworker.
In an internal message phishing email, it might ask you to click on a link to read and sign a policy document, read a document about a company- wide update or even try to request sensitive information.
Free things are enticing, but they can also be dangerous. If you get an email saying you won a free TV or “click here to enter a prize drawing,” be on high alert!
Hackers are trying to bait you into clicking a malicious link.
Phishers Attack at Many Levels
Everyone is at risk of phishing, no matter where they are in the food chain. Phishers specifically target CEOs and high-level executives with special phishing attacks intended to entice or fool them. These are known as whaling attacks.
Help! I might be getting phished. What should I do?
If you think you have received a phishing email, it’s important to slow down and examine it.
- First, look at the sender and domain of the email address.
- Hover over any links and see where they might direct you to.
- Other phishy identifiers might be misspelled words, incorrect dates or odd requests.
If you see anything, email it to infosec@ucmail.uc.edu. The UC Office of Information Security can help you figure out if it’s a phishy email. Whatever you do, do not click on any links, reply to the email or send it to anyone else!
For any questions, contact UC Office of Information Security at infosec@ucmail.uc.edu.
Related Stories
ServiceNow Vancouver upgrade coming Friday, April. 26
April 17, 2024
The IT Service Portal and Knowledge Base may be intermittently unavailable from 11:45p.m., Friday, April 26, until 4 a.m., Saturday, April 27, during a planned ServiceNow upgrade.
UC to host paper shredding event on Bearcat Commons
April 12, 2024
The Office of Information Security is hosting its annual “Secure Our World” Shred Event at Bearcats Commons Lot A behind A&S Hall Building Wednesday, April 17, from 9 a.m. to 1 p.m. or until the truck is full. Drop off your professional or personal documents to ensure they are securely destroyed and recycled.
LastPass password manager now available for UC students
April 3, 2024
Start protecting your personal online accounts today!