Stop cyber attacks in their tracks: How to spot and thwart phishing attempts

Cybersecurity is an ongoing priority at Arizona State University, where preserving the availability, confidentiality and integrity of our information resources is paramount. To protect our communities from the costly consequences of cyberattacks, ASU is committed to finding cutting-edge security solutions that keep the data of students, faculty and staff safe. 

To kick off Cybersecurity Awareness Month, learn about the many versatile forms cyber attacks can take, including phishing attacks that remain one of the most eminent threats to user data. Read on to learn how to avert these threats with ease.  

  1. Never engage with emails from addresses mimicking a real person or organization.
    Numerous phishing scams employ mimicry to achieve their goals. By posing as a member of a trusted organization – such as a bank or government institution – bad actors can convince recipients to offer vital information that they will then exploit. These emails will often incorporate links to malware (software designed to damage your computer system) in hopes that recipients will click them and infect their devices.

    If you receive a suspicious-looking message in your ASU inbox, remember you can always forward it to infosec@asu.edu for review. Additionally, you can avoid scams sent to your personal email by adopting a cautious stance: never open links from people or organizations you do not know, and if you receive an email that seems credible, examine the email address for misspellings or inconsistencies before engaging with it. Listen to your gut – if the email feels “off,” do not engage with it and instead delete it.
     
  2. Never reveal confidential information, especially passwords.
    A tell-tale sign of a phishing attempt is an email requesting your password, which most (if not all) reputable organizations refrain from. As mentioned above, phishers will often pretend to be a service you use, claiming they need your account information in order to perform password resets or, ironically, address an alert of fraud on your account.

    Never give your passwords, authentication codes or private information to those emailing or calling you. When performing a password reset, remember to always do so from a company's official website, and never engage with a password recovery email that you did not personally request. As always, examine the content of your messages for inconsistencies, spelling errors and/or information that differs from the organization’s official social media or contact information.
     
  3. Be discreet with what personal information you choose to share.
    When it comes to cyber attacks, the most basic information can be leveraged to discern greater information about your life than you’d prefer the public to know. By disclosing something as simple as a nearby business you’ve visited or leaving college-branded items in the background of a selfie, you’ve provided a clue as to where you may live. When possible, keep your surroundings generic and keep identifiable items from view.  

Whether checking your email or posting on social media, you can always use tips and tricks gathered from GetProtected to stay safe and secure. Visit today to learn more about information security and #BeCyberSmart!