Skip to content

Category: Phishing

Published on

Cybersecurity has become one of the most significant hot topics inside and outside technology circles over the last two years. From securing learning devices due to a rise in digital learning during the COVID-19 pandemic to coping with the fallout of high-profile breaches of national infrastructure such as the Colonial Pipeline, there is an evidently constant news cycle dedicated to cybersecurity mishaps and concerns. With this continuous stream of bad news, it can be challenging for you to know how to keep secure in the face of cybersecurity and threat actors. 

Everyday users have a huge role in cybersecurity threat prevention, detection, and remediation. According to a Wall Street Journal article, many hacks are successful by convincing someone inside or close to the target company to divulge network access credentials or other critical information. Therefore, GW’s first line of defense in helping to combat cyber-related issues is you. 

Here are 4 essential best practices that you can adopt today to enhance your cybersecurity and create a more secure cyberspace for you and GW.  

Watch out for Phishing Attempts

Phishing is when a threat actor poses as a legitimate party such as a bank, delivery service or other organization in an attempt to get individuals to click harmful links. Phishing remains one of the most popular tactics used  today. In fact, 80% of cybersecurity incidents stem from a phishing attempt. While phishing has gotten more sophisticated, the phishing signs remain the same. Look for typos, poor graphics, and other suspicious characteristics (incorrect logo or email address) as these can be red flags indicating that the content is a phish. In addition, if you think you have spotted a phishing attempt while logged into the GW network, report the incident to GW IT immediately. To report an incident please contact the GW Information Technology Support Center at 202-994-GWIT (4948) or email abuse@gwu.edu

Update your Password

Password cracking is another tactic that cybercriminals use to access sensitive personal information.  To guard against password cracking, having unique, long and complex passwords is one of the best ways to boost your cybersecurity immediately.  It is highly recommended not to repeat passwords across your accounts because once a hacker cracks one account, they can easily do the same across all of your accounts. 

Passwords can be tough to remember. That’s why it’s smart to use a password manager to help you secure your various passwords in one place. Password managers are easy to use and can automatically plug-in your stored password when you visit a site. Along with other security tips, password managers minimize the risk of mis-managing account passwords.

Take Advantage of Secure Wi-Fi 

Mobile hotspots and public Wi-Fi networks are typically not password-protected,  so it’s easier for threat actors  to gain unauthorized access to devices. Students, faculty, and staff should take full advantage of the university Wi-Fi networks when on campus. They are password-protected and only allow internet access across the university premises, operating as a secure online bubble for every user to work in peace.  

Lock your Device

Whenever you're logged into your devices (computer, laptop, phone, etc.),  you’re also open to potential unauthorized access by hackers and other threat actors.  The easiest way to prevent unauthorized access to your device is to lock it whenever you leave it unattended. All you have to do to get back on your device is enter the correct password, and you can pick up where you left off. If you wouldn't leave your house with the front door wide open, you should not leave your devices unlocked, especially when they are unattended.  

This blogpost is offered to you by the GW Information Security and Risk Services team. For more information on GW IT Security, please visit our security website: https://it.gwu.edu/gw-information-security  

#SecuringGW is a shared responsibility, so if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse@gwu.edu

IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or visit ithelp.gwu.edu.  

Original blog content provided by The National Cyber Security Alliance www.stayfaeonline.org, modified and posted with permission. 

Published on

Phishing -- one of the oldest pain points in cybersecurity. Also known as pre-texting, phishing continues to wreak havoc quietly and is as significant a threat as ever.

Despite often being overlooked, phishing has been a mainstay in the cybersecurity threat landscape for decades. In fact, 43 percent of cyberattacks in 2020 featured phishing or pre-texting, while 74 percent of US organizations experienced a successful phishing attack last year alone. That means that phishing is one of the most dangerous “action varieties” to an organization’s cybersecurity health. As a result, the need for proper anti-phishing hygiene and best practices is an absolute must.

With that in mind, here are a few quick best practices and tips to help you recognize and deal with phishing threats.

Know the Red Flags: Emails

Phishers are masters of making their content and interactions appealing. From content design, layout to language, it can be difficult to discern whether the content is genuine or a potential threat, which is why it is so important to know the red flags.

  • Awkward and unusual formatting
  • Overly explicit call-outs to click a hyperlink or open an attachment
  • Strange requests concerning an account, system, or application changes with no prior awareness
  • Requests for personally identifiable information or your login and password
  • Subject lines that create a sense of urgency

These are all hallmarks that the content you received could potentially be a phishing attempt and indicate that it should be handled with caution. Most organizations will communicate multiple times and well in advance of any application transitions, and they will provide websites and other supporting materials and contact information for more details.

All suspicious emails can be sent to GW IT Security at abuse@gwu.edu, and questions about the content or requests in an email can be verified with the GW IT Support Center at 202-994-4948.

Verify the Source

Phishing can occur in a variety of ways. In addition to email, phishers ply their craft through phone calls, text messages, sometimes regular mail. Often, phishers will try to impersonate someone you may already know -- such as a colleague, service provider, relative, or friend to trick you into believing their message is trustworthy.

Don’t fall for it. If you sense that something about an email, phone call, or text message may be out of place or unusual, try to confirm whether the content is authentic and safe. If not, immediately break off communication and flag the incident through the proper channels (at GW, this is forwarding the message to abuse@gwu.edu).

Vishing and Other Phishing Offshoots

Greater awareness about phishing has spawned more diverse phishing efforts beyond traditional email. For example, voice phishing -- or vishing -- has become a primary alternative for bad actors looking to gain sensitive information from unsuspecting individuals. Similar to conventional phishing, vishing is typically executed by individuals posing as a legitimate organization -- such as a healthcare provider or insurer -- and asking for sensitive information. Simply put, it is imperative that individuals be wary of any sort of communication that asks for personal information, whether via email, phone, or chat, especially if the communication is unexpected. If anything seems suspicious, hang up or end the communication immediately.

If you think you may have been a victim of a phishing attack at GW, contact the IT Support Center by phone at 202-994-4948. IT Support Center staff can assist in locking your accounts and guiding you through a password reset, if needed. If you feel you might have been phished on a personal account, contact your provider immediately through a verified number and request that your accounts be reset/locked because your access may be compromised.

For more information on GW IT Security, please visit our security website: https://it.gwu.edu/gw-information-security.

IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or visit our website at https://it.gwu.edu. For self-help resources and answers to frequently asked questions, please visit the GWiz knowledge base at https://go.gwu.edu/GWiz.

Original blog content provided by The National Cyber Security Alliance, modified and posted with permission.

Viewing Message: 1 of 1.
 Notice

This site uses cookies to offer you a better browsing experience. Visit GW’s Website Privacy Notice to learn more about how GW uses cookies.