Phear the Phish!
How can you avoid being hooked?
What is Phishing?
Phishing attacks are becoming more and more prominent worldwide and at Boston College.
Phishing is a type of Internet scam in which people are tricked into releasing sensitive information to cybercriminals, who in turn use that information for malicious purposes.
Phishing attacks can take the form of emails and instant messages from trusted sources such as popular social web sites, auction sites, banks, online payment processors or IT administrators. They can lead to loss of your personal information and money.
This semester, BC Information Technology Services invites you to learn more about phishing, how it could affect you, and what you can do to help avoid being scammed.
There will be chances to win some great prizes along the way, so stay tuned!
To learn about upcoming events, "Like" the Boston College ITS Facebook page and follow us on Twitter (@BostonCollegeIT), where we will release information on where and when these events will take place!
Most Common Phishing Attacks
A recent study by Kaspersky Labs revealed that the most common type of phishing fraud targets social media sites, both to gain access to other accounts such as your email and to propagate the fraud to your friends. 36% of phishing scams worldwide try to gain access to your username and password for social media sites like Facebook and Twitter. The second most common type of phishing attack, making up 30% of all attacks, targets financial institutions like your bank as well as online shopping websites like Amazon and iTunes.
Take this email, targeted at Facebook users: it leads them to think there is a security update for the site and asks them to enter their username and password in order to update their account. Several features of the email indicate that this is a phishing attack:
- The address this email comes from does not appear to be a legitimate Facebook address. If the address is not one that you have interacted with before and trust, be wary of opening communication from it.
- The whole email is an image, with no way to hover over links to see where they are taking you. Most legitimate emails will use a combination of text and image, and allow you to preview where the link is taking you.
- The email urges you to click the link provided. Most legitimate business emails will ask you to log into your account as you normally do and update information that way, should that be necessary.
- Be wary of emails that sound strange, urgent or too good to be true. For example, Facebook would likely automatically increase security for all its users instead of asking users to verify their information to do so.
- Do not be fooled by the Facebook logo within the email. Phishing attacks will often use the logo of the business to make their emails look legitimate.
ITS advises you to be smart about your password selection, web presence, and security software updates. Do not give out your personal information via email messages, especially if the email you received seems sketchy. Take note of the "red flags" above to question the validity of emails and other forms of communication you receive. If you reply to these messages, you run the risk of identity theft, insertion of malware on your computer or other significant problems.
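For readers who triage reported messages, the red flags listed above can be checked mechanically. The following is an added example, not Boston College ITS code: the brand domain list, the urgency keyword list, the flag names and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumption: domains the brand really sends from (illustrative, not exhaustive).
BRAND_DOMAINS = {"facebook": ("facebook.com", "facebookmail.com")}
URGENT = re.compile(r"\b(urgent|immediately|verify|suspended|update your account)\b", re.I)
# Constructed sample modelled on the email described above (not a real message).
SAMPLE = """From: Facebook Security <security@fb-account-update.example>
Subject: Urgent: update your account
Content-Type: text/html

<a href="http://fb-account-update.example/login"><img src="notice.png"></a>
"""
class BodyScan(HTMLParser):  # collects visible text, image count and link hosts
    def __init__(self):
        super().__init__()
        self.text, self.images, self.hosts = [], 0, []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images += 1
        elif tag == "a":  # hostname is None for relative or empty links
            self.hosts.append(urlsplit(dict(attrs).get("href") or "").hostname)
    def handle_data(self, data):
        self.text.append(data.strip())
def in_domains(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def red_flags(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    subject = msg.get("Subject", "")
    scan = BodyScan()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            scan.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    visible = " ".join(t for t in scan.text if t)
    flags = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand in (name + " " + subject).lower():  # message claims to be the brand
            if not in_domains(addr.rpartition("@")[2].lower(), domains):
                flags.append("sender-domain-mismatch")
            if any(h and not in_domains(h, domains) for h in scan.hosts):
                flags.append("link-leaves-brand-domain")
    if scan.images and len(visible) < 20:  # a picture with no real text
        flags.append("image-only-body")
    if URGENT.search(subject + " " + visible):
        flags.append("urgent-language")
    return flags
```

Calling `red_flags(SAMPLE)` returns all four flags; a clean result does not prove a message is safe, since these are only the indicators named in the list above.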