Today, there are many ways of communicating, from emails to texting to a myriad of social media options. As these methods of communication advance and increase in number, so do the tactics of cybercriminals seeking to exploit unsuspecting individuals and steal their identities. When you receive an unsolicited message, particularly one that demands immediate action or requests sensitive information, here are some steps you can take to ensure that you and your information remain secure.
1. Pause and Scrutinize:
Upon receiving an unsolicited message, take a moment before reacting. Phishing attempts often play on urgency, creating a sense of panic or pressure to act immediately. Pause, think, and question the legitimacy of the message.
2. Check the Sender:
Inspect the sender's email address or phone number closely. Phishers often use deceptive addresses that mimic legitimate ones. If something feels off or unfamiliar, exercise caution. Additionally, be aware that the name shown in place of the sender's email address can be spoofed, so it is important to always scrutinize the sender's email address directly.
3. Avoid Clicking Links:
Phishing messages often contain malicious links that can lead to fake websites or install malware on your device. Hover over links to preview the URL without clicking. If the link seems suspicious or not aligned with the sender's purported identity, steer clear. If you see a URL encoded by Outlook Safe Links, you can use this decoder to see what the original URL was.
4. Question Unexpected Attachments:
Attachments in unsolicited messages can hide malware or other threats. Don't open attachments from unknown sources. If the sender claims to be a reputable organization, verify with them directly before opening any files.
5. Verify Requests for Personal Information:
Legitimate entities will not ask for sensitive information like passwords, credit card numbers, or social security details via email or direct messages. Treat such requests with skepticism and verify through official channels. Do not use links or email addresses in the suspect communication; instead, use whatever method you normally use to log in to, or communicate with, the service the unsolicited message claims to be from.
6. Use Multi-Factor Authentication (MFA):
Enable MFA wherever possible. Even if your credentials are compromised, MFA acts as a secondary layer of protection. It ensures that accessing your accounts requires more than just a password. Please reach out to Washburn ITS for any additional information.
7. Educate Yourself and Others:
Stay informed about common phishing tactics and share this knowledge with friends, family, and colleagues. Awareness is a powerful defense. The more people know about potential threats, the less successful those threats become. Be sure to check out our cybersecurity blog!
8. Keep Software Updated:
Regularly update your operating system, antivirus software, and all applications. Updates often include security patches that protect against known vulnerabilities. When your computer or other device notifies you that a restart is required for updates, give it the chance to do so in a timely manner.
9. Report Suspicious Messages:
If you receive an unsolicited message that appears to be a phishing attempt, report it. Washburn uses the Phishing alert tool, which can be found in Outlook across all products and platforms. For more information on how to report suspected phishing emails, visit our website.
10. Trust Your Instincts:
If something feels wrong, trust your instincts. Cybercriminals are continually evolving their tactics, and your intuition can be a valuable guide. If a message seems fishy, it probably is. If you have any specific concerns about an email or other communication, please feel free to submit an ITS support ticket for review.
--WU ITS Information Security
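
Step 3 mentions decoding links that Outlook Safe Links has rewritten. The Python code below is an added example, not part of the original post and not the decoder it refers to. It assumes the wrapper host ends in `safelinks.protection.outlook.com` and carries the original address in a `url=` query parameter; the function names and sample links are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs, quote

# Assumption: Safe Links wrappers use a regional host under this suffix.
SAFELINKS_SUFFIX = "safelinks.protection.outlook.com"
MAX_UNWRAP = 5  # a forwarded message can be wrapped more than once


def is_safelinks_host(host):
    """True only for the wrapper domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == SAFELINKS_SUFFIX or host.endswith("." + SAFELINKS_SUFFIX)


def decode_safelink(link):
    """Return (original_url, layers_removed) without visiting the link."""
    current, layers = link.strip(), 0
    while is_safelinks_host(urlsplit(current).hostname):
        if layers == MAX_UNWRAP:
            raise ValueError("too many nested Safe Links wrappers")
        targets = parse_qs(urlsplit(current).query).get("url")
        if not targets:
            raise ValueError("Safe Links wrapper without a url= parameter")
        current = targets[0]  # parse_qs has already percent-decoded it
        layers += 1
    return current, layers


def destination_host(link):
    """Host the reader would actually reach after unwrapping."""
    original, _ = decode_safelink(link)
    return (urlsplit(original).hostname or "").lower()


# Constructed sample links (not taken from any real message).
WRAPPED = ("https://nam02.safelinks.protection.outlook.com/"
           "?url=https%3A%2F%2Flogin.example.com%2Freset%3Fid%3D42"
           "&data=05%7C01%7Cconstructed&sdata=constructed&reserved=0")
NESTED = ("https://eur01.safelinks.protection.outlook.com/?url="
          + quote(WRAPPED, safe="") + "&reserved=0")
# Lookalike: the wrapper name is only a prefix of a different domain.
LOOKALIKE = ("https://safelinks.protection.outlook.com.example.net/"
             "?url=https%3A%2F%2Fwashburn.example%2F")

if __name__ == "__main__":
    for sample in (WRAPPED, NESTED, LOOKALIKE):
        print(destination_host(sample), decode_safelink(sample))
```

The lookalike sample is left unwrapped on purpose: its host only begins with the Safe Links name, so the reported destination is the lookalike domain rather than the address in its `url=` parameter.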