Avoiding Phishing Attempts

We're here to help you identify phishing attempts and to protect your account information.

You can always forward suspicious emails to OIT Support if you're unsure about the legitimacy of a message. To help you avoid phishing attempts, our cybersecurity experts have put together some tips on the telltale signs of suspicious email activity. First, some definitions:

  • Phishing is an attempt to get you to reveal logins, passwords, account numbers and other personal information through emails or instant messages that claim to be from a business or organization you interact with, like your bank, a credit card company or a government agency.
  • Spear phishing attacks are directed at specific individuals, roles or organizations. Attackers often use publicly available institutional information to carry out these attacks. Often, these attacks will come from someone with a name that matches someone at an organization, like St. Edward's.
    • "Whaling," meanwhile, is a type of spear phishing attack in which the attacker attempts to mimic executive officers or other high-profile targets within a business.

Recognizing phishing attempts

Phishing attempts have been around for years, and you may have seen some targeted at the St. Edward's community. Often, you can recognize a phishing email by the following characteristics:
  • The sender states they have an urgent request, especially one for gift cards.
  • It asks for a username and password. No one from St. Edward's will ever ask you to provide your password via email.
  • The message usually says you need to "update" or "validate" your account information.
  • It might threaten some dire consequence if you don't respond, like that you'll lose your account if you don't verify your information.
  • The "From" address is clearly bogus or is clearly not a St. Edward's address. Other times, though, the message may contain a "From" address that looks legitimate. Unfortunately, it can be easy to spoof a sender's address.
  • The email itself may contain frequent spelling errors.
  • The message directs you to a website that looks like a legitimate organization's site, but it's not. The purpose of the bogus site is to trick you into divulging your personal information so the phishers can steal it. If you hover your mouse over the web address (but don't click!), you can see the full URL, which is usually markedly different from the real company's web address.
Another common form of phishing is employment scams, which you can read more about in this support article from OIT.

What happens when someone replies to a phishing attempt?

Once compromised, your email account can be used to send spam to thousands of people. When that happens, the St. Edward's email domain becomes suspected of being a source of spam, which can lead to all St. Edward's accounts being blocked by other email providers.

If you answer a phishing email sent to your St. Edward's email account, your account will be blocked. You will not be able to log in and check email until you reset your password.

Internet Safety Tips

  • Be suspicious of email attachments from unknown sources.
  • Always check the actual email address of the sender.
  • If you suspect the message may not be authentic, don't use the links in an email to get to any webpage. Instead, call the company on the phone or log on to the website directly by typing in the web address in your browser.
  • Verify that attachments have been sent by the author of the email. Newer viruses can send email messages that appear to be from people you know. This is known as "spoofing" a sender's address.
  • Install all Microsoft security updates.
  • Update your anti-virus protection weekly.
  • Avoid financial transactions over email.

Details

Article ID: 1094
Created: Thu 3/20/25 1:13 PM