In part one of the National Cybersecurity Awareness Month series, SUNY Oswego Campus Technology Services (CTS) covers phishing, how to spot it and what to do if you believe you are being phished.
Phishing is a type of attack where a malicious email is sent to try and trick the recipient into installing something or providing sensitive information such as passwords or credit card numbers to a malicious group. Sometimes phishing emails will be highly personalized in a type of attack known as spear phishing, so it is always important to be aware of how you interact with email and to verify the person you’re speaking to is legitimate.
Below are several things you can do to protect yourself from phishing.
- Always check the email address of who sent you the email, not just their name.
- Hover over links in emails before you click them to verify they are trustworthy websites.
- Treat unexpected attachments and requests for sensitive information as suspicious.
- Check emails for inconsistencies. Examples of this would be emails sent at strange times, the name/organization of the sender not matching in their address and signature and emails that are tagged by Gmail as being external.
If you believe you are the target of phishing, please mark the email as a phish in Gmail and report the email to the CTS Help Desk at help@oswego.edu.
For more information about phishing, visit both the CTS phishing page on the CTS cybersecurity website and the Cybersecurity Awareness: Phishing Attacks LinkedIn Learning course.