Watch out for “phishy” emails.
Spam refers to unsolicited communication, usually in the form of advertisement.
Phishing usually refers to similar communication featuring fraud, usually where the perpetrator attempts to trick people into providing their Social Security numbers, financial accounts and other personal information by pretending to be someone they are not (e.g. banks, retailers, government agencies). These attacks can have a range of targets and a range of delivery methods, but is very often through email.
-Most modern email clients (e.g. Live@edu, Gmail) have effective built-in spam filters that will eliminate most unwanted emails; false positives are always possible, however, so it’s always worth taking an occasional glance at your spam folder when these filters are on to make sure you’re not missing any valid emails.
-The best defense against phishing is common sense. Always keep in mind that website administrators will never ask for passwords or personal information, and that many services do not actually require financial or personal information.
-There are a few telltale signs of phishing attempts: poor grammar, misleading URLs (ithica.com is not ithaca.edu), and urgency are a few common tactics. Whenever you are asked for personally identifiable information, double-check to make sure that it is necessary for the situation.
-If you have fallen for a phishing attempt, immediately change all passwords related to the forfeited information. That includes, but is not limited to, the password to that account, the password to any email addresses associated with the account, and any identical passwords throughout any accounts you own.
-If any forfeited information gave access to financial details, consider having a fraud alert placed on your credit file, and contact your bank/credit company for further instruction.
-Report any incidences of cybercrime to the Internet Crime Complaint Center (www.ic3.gov) and to your local law enforcement or state attorney general as appropriate.
Visit http://www.ithaca.edu/icinfosec/identity/ and http://staysafeonline.org/stay-safe-online/protect-your-personal-information/id-theft-and-fraud for more information!
For even more NCSAM tips follow us: facebook.com/ICInfosec | twitter.com/IC_infosec