How to Spot a Phisher

Phishing is a form of fraudulent communication designed to coax victims into revealing personal information or sensitive data such as passwords, credit card numbers, or bank account information. Phishing attempts can involve installing malware on a victim's device in order to quietly steal private information; they can also prey on a person’s emotions to frighten them into ignoring red flags.  

Bad actors use various tactics and methods to deliver phishing attempts, including emails, text messages, phone calls, and even face-to-face interactions. Anyone can be a target at any time, so spotting and reacting to phishing attempts can save you and our college from becoming victims of cybercrime.  Since education is the best preventive measure against phishing attempts, the Cybersecurity Department conducts monthly phishing campaigns to test and train our employees on discovering phishing attempts and provides remedial training for those who need extra instruction.

What to Watch Out For:

  • Emails or messages designed to frighten you into doing something right away (e.g., "your bank accounts will be frozen unless you click this link within 24 hours"). 

  • Emails or messages leveraging current events or what may be happening in an organization in order to coerce you into clicking on a link or scanning a QR code.

  • Suspicious or unexpected links, QR codes, or attachments. These are some of phishers' primary methods for delivering malware and/or collecting sensitive data.

  • Emails that have misspelled words or broken English. Unfortunately, attackers can now use AI to draft more convincing attempts, but poor grammar is still a red flag.

  • Emails asking you to log into your account and verify information. Attackers can send links to fake websites designed to imitate trustworthy institutions such as banks; this helps them collect sensitive data such as usernames and passwords. 

  • Emails, links, QR codes, or applications that ask you to update an application by clicking a link.

  • Calls asking you to approve DUO or Microsoft Authenticator attempts or to provide a confirmation text sent to your phone.

How to Avoid Becoming a Victim:

  • Verify the sender. It is best to call the sender to ensure that the link or attachment received is legitimate.  

  • SLOW DOWN. Read the email very carefully. Remember: it is OK to read the email, but if the email doesn’t appear legitimate, then it likely isn’t, so don’t click the link!

  • Report all suspected phishing attempts to the Central Piedmont ITS Service Desk.

  • To update your applications, always go directly to the vendor’s official website. Note: devices and applications owned or provided by Central Piedmont are always automatically updated by ITS.

  • There is no “Silver Bullet” to guarantee that a link is “safe”, so it is up to you to carefully read the email before clicking on any links.  

  • External emails delivered to your Central Piedmont inbox always include the word “EXTERNAL” within the subject line to help you distinguish them from emails sent by other Central Piedmont employees or students. When reading an external email, it is best practice to hover your mouse over each link to reveal its real address.

  • Links which have been scanned by Cybersecurity's "ProofPoint" software will begin with "https://urldefense.proofpoint.com" (see below). In most cases this indicates that a link has passed our security checks. Note: this function is not available for your personal email accounts. Below is an example of a link to amazon.com which has been checked by ProofPoint:

[Image: example of an amazon.com link rewritten by ProofPoint]
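The prefix only shows that a link was rewritten; the destination is still inside it. The following added example (not part of the original article and not Central Piedmont's or ProofPoint's code) recovers that destination so its host can be read directly. It assumes the v1/v2 rewritten-link layout, which the article does not describe: the destination sits in the `u=` parameter, and in v2 `-` stands for `%` and `_` for `/`. The function names and sample links are constructed for illustration.

```python
import html
import re
from urllib.parse import unquote, urlsplit

# Prefix host named in the article; compared exactly, never by substring.
URLDEFENSE_HOST = "urldefense.proofpoint.com"


def unwrap_urldefense(link):
    """Return the original URL inside a v1/v2 rewritten link, else None."""
    parts = urlsplit(link.strip())
    if parts.scheme != "https" or parts.hostname != URLDEFENSE_HOST:
        return None  # not rewritten, or a lookalike host
    version = re.fullmatch(r"/(v1|v2)/url", parts.path)
    if not version:
        return None  # layout this sketch does not handle
    fields = dict(f.split("=", 1) for f in parts.query.split("&") if "=" in f)
    encoded = fields.get("u")
    if not encoded:
        return None
    if version.group(1) == "v2":
        # Assumed v2 rule: "%" is stored as "-" and "/" as "_" in the u= value.
        encoded = encoded.translate(str.maketrans("-_", "%/"))
    return html.unescape(unquote(encoded))


def destination_host(link):
    """Host the reader would actually reach, or None if not unwrapped."""
    target = unwrap_urldefense(link)
    return urlsplit(target).hostname if target else None


# Constructed sample links (the d=/k= values are placeholders, not real tokens).
SAMPLES = [
    "https://urldefense.proofpoint.com/v2/url?u=https-3A__www.amazon.com_&d=CONSTRUCTED",
    "https://urldefense.proofpoint.com/v1/url?u=https%3A%2F%2Fwww.amazon.com%2F&k=CONSTRUCTED",
    "https://urldefense.proofpoint.com.example.net/v2/url?u=https-3A__www.amazon.com_",
    "https://www.amazon.com/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(destination_host(sample), "<-", sample)
```

A result of `None` means the link was not recognised as a rewritten link from the expected host, so it should be read as an ordinary, unchecked link.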

It only takes one click to compromise an entire organization.  Slow down and think before you click.

Details

Article ID: 15974
Created: Tue 9/12/23 10:39 AM
Modified: Fri 11/10/23 9:46 AM