Phishing -- one of the oldest pain points in cybersecurity. Also known as pre-texting, phishing continues to wreak havoc quietly and is as significant a threat as ever.
Despite often being overlooked, phishing has been a mainstay in the cybersecurity threat landscape for decades. In fact, 43 percent of cyberattacks in 2020 featured phishing or pre-texting, while 74 percent of US organizations experienced a successful phishing attack last year alone. That means that phishing is one of the most dangerous “action varieties” to an organization’s cybersecurity health. As a result, the need for proper anti-phishing hygiene and best practices is an absolute must.
With that in mind, here are a few quick best practices and tips to help you recognize and deal with phishing threats.
Know the Red Flags: Emails
Phishers are masters of making their content and interactions appealing. From content design, layout to language, it can be difficult to discern whether the content is genuine or a potential threat, which is why it is so important to know the red flags.
- Awkward and unusual formatting
- Overly explicit call-outs to click a hyperlink or open an attachment
- Strange requests concerning an account, system, or application changes with no prior awareness
- Requests for personally identifiable information or your login and password
- Subject lines that create a sense of urgency
These are all hallmarks that the content you received could potentially be a phishing attempt and indicate that it should be handled with caution. Most organizations will communicate multiple times and well in advance of any application transitions, and they will provide websites and other supporting materials and contact information for more details.
All suspicious emails can be sent to GW IT Security at abuse@gwu.edu, and questions about the content or requests in an email can be verified with the GW IT Support Center at 202-994-4948.
Verify the Source
Phishing can occur in a variety of ways. In addition to email, phishers ply their craft through phone calls, text messages, sometimes regular mail. Often, phishers will try to impersonate someone you may already know -- such as a colleague, service provider, relative, or friend to trick you into believing their message is trustworthy.
Don’t fall for it. If you sense that something about an email, phone call, or text message may be out of place or unusual, try to confirm whether the content is authentic and safe. If not, immediately break off communication and flag the incident through the proper channels (at GW, this is forwarding the message to abuse@gwu.edu).
Vishing and Other Phishing Offshoots
Greater awareness about phishing has spawned more diverse phishing efforts beyond traditional email. For example, voice phishing -- or vishing -- has become a primary alternative for bad actors looking to gain sensitive information from unsuspecting individuals. Similar to conventional phishing, vishing is typically executed by individuals posing as a legitimate organization -- such as a healthcare provider or insurer -- and asking for sensitive information. Simply put, it is imperative that individuals be wary of any sort of communication that asks for personal information, whether via email, phone, or chat, especially if the communication is unexpected. If anything seems suspicious, hang up or end the communication immediately.
If you think you may have been a victim of a phishing attack at GW, contact the IT Support Center by phone at 202-994-4948. IT Support Center staff can assist in locking your accounts and guiding you through a password reset, if needed. If you feel you might have been phished on a personal account, contact your provider immediately through a verified number and request that your accounts be reset/locked because your access may be compromised.
For more information on GW IT Security, please visit our security website: https://it.gwu.edu/gw-information-security.
IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or visit our website at https://it.gwu.edu. For self-help resources and answers to frequently asked questions, please visit the GWiz knowledge base at https://go.gwu.edu/GWiz.
Original blog content provided by The National Cyber Security Alliance, modified and posted with permission.
