Phishing is nothing new. Recently, we’ve had a successful phishing attack.
I posted some tips from Eastern Michigan University back in 2012 which are still relevant.
Once an attacker is successful, it becomes easier because the attacker can use that account to send to others. Now the email will appear to come from someone you know. However, the same concerns are still present.
A few definitions to help:
- Phishing – this is an email sent out in the hopes of getting the user to “give up” log in information. Frequently, this will include as much “known” or popular information as possible.
- Spear phishing – like above but targeted at specific individuals. This is by far the most successful type of attack. These frequently include information that is accurate to the individual.
- Clone phishing – an attack that uses a legitimate email as the basis. The link or attachment is changed and then sent out again.
- Whaling – phishing attacks that are targeted at high level officials.
Some reminders (if you didn’t read above), of what you can do to help protect yourself:
- NEVER enter your user name and password into a Google Form
- Always look at the actual email address the email comes from
- Hover over a link, without clicking on it, to see what the URL is (hint: https://www.imrippingyouoff.com) is probably not a link that you want to follow.