Cybersecurity Awareness Month is celebrated each October as a way to promote safer use of internet technologies and services. Throughout the month, we will be publishing weekly articles about best practices for protecting your accounts. Each week will follow one of the official themes for Cybersecurity Awareness Month 2023. The theme for the this week is recognizing and reporting phishing scams.
Phishing? Don’t you mean “fishing?” Nope! Phishing, which has nothing to do with that band from Vermont, is a scam that tries to gather personal data from a user. This could include your account names and passwords or even more sensitive data, like your Social Security number or bank account information. These scams use social engineering to trick the victim into sending this information to the scammer via email, text message, or even a web form.
The most important line of defense against scams is you! While phishing scams are becoming more sophisticated, they still tend to have some “red flags” to look out for when reading your email.
- Urgent or emotionally appealing language, often claiming severe consequences for not responding immediately, such as legal action.
- The sender is someone you don’t normally contact, such as a direct message from someone in senior management.
- The email is about something that you did not know about, such as an invoice, order, or payment request for an item you did not purchase or from a vendor you did not use.
- Requests to send personal information, such as login info, or financial information, such as bank account numbers or credit card numbers.
- Unrecognizable URLs, often containing misspelled words or names of companies.
- Sender that does not have an email address you recognize or has misspellings in the user or domain.
- Strange requests, such as the purchase of gift cards, or payment via unusual means, like gift cards, a specific payment app, or cryptocurrency.
If you suspect an email is a phishing scam, avoid clicking any links, including an “unsubscribe” link, or opening any attachments. You should report phishing messages to help prevent them from arriving in the future.
If you are not sure if an email is phishing, you should do the following:
- Slow down and think it through. There is no need to take immediate action.
- If you are being asked for payment or to spend money, confirm things before taking action no matter how urgent it seems. Only you control your own money.
- Visit the company’s website and use the contact information found there to contact them.
- Use another means of contacting the user that seemingly sent the suspect message. For example, if you receive an email from a supervisor that was sent from an email address you do not recognize, such as a Gmail account, send them an email to their Providence College account.
- If you’re still unsure, you can forward the email to the IT Helpdesk (helpdesk@providence.edu) to assist with determining the legitimacy of an email.
Please be sure to report phishing scams to Microsoft. This helps improve the email filters.
Follow the suggestions about strong passwords and MFA sent previously this month to help better protect your account. For MFA, we recommend the Microsoft Authenticator app as the most secure method. If you receive an unexpected prompt for MFA – whether it be a text message, phone call, or Authenticator notification – you should change your password. See the links below for more information.
Setup the Authenticator App
Change your password
Report a phishing scam
More info on phishing scams from CISA
