In recent weeks, the number of Phishing* emails being received by members of the Deerfield community has been on the rise.
We have seen messages that attempt to obtain users’ passwords, and messages from our Head of School that request gift cards. (Really!) Many of these messages are blocked by our firewall, but some make it through.
Here’s what ITS is doing to address this and how you can help –
What ITS is doing –
1. We have created a new email address: firstname.lastname@example.org. You should use this address to report a suspicious looking email.
2. We will investigate any suspicious emails to determine their validity.
3. We will block the sender of a phishing message at our firewall to prevent the account from sending additional messages.
4. If our email system logs indicate that a phishing message has been sent to multiple people at Deerfield, we will send a PHISHING ALERT to everyone who has received the message.
What you should do –
1. Learn to identify Phishing emails –
• Don’t trust the sender’s display name – check the email address of the sender carefully. Is it a deerfield.edu address?
• Inspect any links in the message. Hover your mouse over the links, but don’t click on them. Where is the link trying to send you?
• Check for spelling and grammatical mistakes. Legitimate messages usually do not have major spelling mistakes or poor grammar. Phishing messages frequently contain blatant spelling and grammatical errors, strange mixed fonts, and lots of capitalized text.
• Beware of urgent language. Playing on your fears or conveying urgency is a common phishing tactic.
• Be sure that you understand Deerfield’s password procedures.
2. Never respond with personal information. Legitimate institutions and Deerfield ITS will never ask for personal data or credentials via email.
3. Don’t respond to the email to ask for more information or to provide your cell phone number. There may be a real person at the other end of a phishing message, who is lying in wait for you. If you are concerned that a situation is urgent, pick up the phone and call the sender.
4. Don’t open attachments that aren’t from an address you trust. Including attachments that contain viruses and malware is a common phishing tactic.
5. Report any suspicious email messages to ITS at the following address – email@example.com.
Thank you for partnering with us to keep our systems and network secure!
* Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels. The attacker uses phishing emails to distribute malicious links or attachments that can perform a variety of functions, including the extraction of login credentials or account information from victims. (Source: securitysearch.techtarget.com)