University students, faculty and staff are frequent targets of spam and phishing emails. While spam can be annoying, it's often harmless. Phishing, on the other hand, can put your personal information at great risk.
Expand |
---|
title | What is spam? What is phishing? |
---|
|
Spam is the electronic equivalent of junk mail. The term refers to unsolicited, bulk – and often unwanted – email. Phishing is designed to trick you into sharing personal information like usernames, passwords, basically anything that can be used to gain access to your identity and accounts. A cybercriminal creates an email or text message that appears to be from a trusted source (like a Cal Poly college or department, your bank, your employer, etc.). Most often, these messages urge you to act quickly and click on a link or open an attachment. They might falsely claim that your email inbox requires verification or will be shut down, or that you need to take some action to apply for a job or receive financial aid. If you follow through on the request, the cybercriminal can then use the information to con you out of money, compromise your email account, and use it to phish others. Spear phishing involves highly specialized attacks against specific targets or small groups of targets to collect information or gain access to systems. For example, a cybercriminal may launch a spear phishing attack against a business to gain credentials to access a list of customers. From that attack, they may launch a phishing attack against the customers of the business. Since they have gained access to the network, the email they send may look even more authentic, and because the recipient is already customer of the business, the email may more easily make it through filters, and the recipient may be more likely to open the email. |
...
Expand |
---|
title | How can I protect myself against spam and phishing? |
---|
|
Don’t reveal personal or financial information Do not respond to email solicitations with any personal information. Don’t click links sent in email that ask you to provide personal information. Pay attention to website URLs Malicious websites may look identical to a legitimate site, but the URL uses a variation in spelling or a different domain (e.g., .com versus .net). Limit your exposure You might decide to use two email addresses — one for personal messages and one for shopping, newsletters, and other services. Also, try not to display your email address in public. That includes in blog posts, on social networking sites, or in online membership directories. Spammers use the web to harvest email addresses. Create unique, secure, and strong passwords or passphrases Review Cal Poly's password requirements. Having separate passwords or passphrases for every account helps to thwart cybercriminals. Separate your work and personal accounts. Use a password manager like LastPass. Keep a clean machine Keep all software on internet-connected devices – including computers, smartphones and tablets – up to date to reduce risk of infection from malware. Sophos Central Endpoint Protection antivirus software is installed on all university-owned computers and you can install Sophos Home for free on your personal devices. Check privacy policies and uncheck boxes Check the privacy policy before you submit your email address to a website. See if it allows the company to sell your email to others. You might decide not to submit your email address to websites that won't protect it. When submitting your email address to a website, look for pre-checked boxes that sign you up for email updates from the company and its partners. Some websites allow you to opt-out of receiving these mass emails.
|
...