Phishing Attacks: Don’t Take the Bait

Jeremy Shelley, UAH CISO

 

Phishing attacks use false emails or text messages to trick you into giving attackers information they don’t have and would likely have difficulty getting otherwise. Attackers use these fake communications to impersonate someone else, such as financial institutions (banks, investing companies), technical service providers (Amazon, game providers, social media companies like Twitter/Instagram), companies whose services you may have used (cell phone companies, cable companies, online streaming services), or any other provider that they think could entice people to click on a link.

 

The attackers craft a very clever message that masquerades as a message from the company and attempt to get you to click on a link, open an attachment, or upgrade an existing application. The link takes you to a website that is branded to look just like a valid company web page but is really on a domain owned by the attackers.

 

On this page, they may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts. Scammers launch thousands of phishing attacks like these every day — and they’re often successful. The FBI’s Internet Crime Complaint Center reported that people lost $54 million to phishing schemes in 2020 (Source: 2020 IC3 Report - www.ic3.gov).

 

UAH spam filters keep out many phishing emails, but they can’t be made perfect. Scammers are always trying to outsmart spam filters, so we need you to remain vigilant. Below is a handy graphic from KnowBe4 to help identify phishing emails.

 

 

What To Do if You Suspect a Phishing Attack

If you get an email or a text message that asks you to click on a link or open an attachment, answer this question: Do I have an account with the company or know the person that contacted me?

  • If the answer is “No,” UAH OIT would ask that you click on the 3 dots in the top-right corner of the email and click “Report Phishing” or “Report Spam”.  
  • If the answer is “Yes,” contact the company using a phone number or website you know is real. Do not use the information in the email.

 

What To Do if You Responded to a Phishing Email

  • If you think a scammer has your UAH login information, go immediately to https://reset.uah.edu and change your UAH password.
  • If you provided personal information like your Social Security, credit card, or bank account number, go to IdentityTheft.gov. There you’ll see the specific steps to take based on the information that you lost.

 

What To Do if You Opened an Attachment in a Phishing Email

  • If you think you clicked on a link or opened an attachment that downloaded harmful software, contact the help desk at helpdesk@uah.edu or 256-824-3333.