Information Technology

 
 

Spearphishing

Don’t Take the Bait, Avoid Spearphishing

There are multiple cyber security workshops taking place throughout the month of October. Register today!

Spearphishing is a highly targeted form of phishing, which is an email that is made to appear to come from a friend, colleague or business you are familiar with. If phishing is putting your hook into the water hoping anyone bites, spearphishing is knowing what type of fish you’re looking for and using known information on the fish to reel them in. This will generally appear as an urgent looking email, and will either ask you for sensitive information and/or link to malicious content.

Please note: Adelphi’s IT Help Desk representatives and network administrators will NEVER contact you by email or phone, asking you to reply with your username, password or other sensitive information.

Examples of What to Look For

Spearphishing emails will appear to come from a trusted source. When checking your email you should pay attention to every detail, especially if something seems out of the ordinary. If your English professor sends you an email in broken English with an attachment, it’s most likely a spearphishing attempt.

Normally these emails will mention some type of urgency or haste, and request that you act on something immediately. This is done purposefully so that you’ll be less likely to thoroughly read and examine the email.  

Some attempts may be incredibly deceptive. Someone posing as your professor may send a link and tell you your grade on a recent midterm is available, and the only “mistake” could be in the email address, but otherwise look legitimate.  Be careful for emails that are professor@adelphi.edu vs pr0fessor@adelphi.edu. That zero instead of an O could be the difference between a real email and a phishing attempt.

Other attempts may come from a trusted business, or a business you have recently interacted with.  As an example, you may receive a spearphishing email from your bank that is disguised as an account inquiry or a notification to change your password.  Sometimes the email address itself will appear to be legitimate, but looking further will prove that it is fraud.

Spearphishing email goodThe example shown here is an actual address, but notice how both the name and email address are shown.  Someone would be able to change their name so that it would appear that “IT Work Order Support” is emailing you, but have a fake email address. If something seems “phishy”, check the details of the sender by clicking the drop down arrow next to their name (Gmail) to see who is really sending the message. Look for the small details.  Someone could have the email “support@delphi.edu” that looks official at a quick glance, but that missing letter makes a world of difference.

Beware of how specific a message is.  If you receive an email from Amazon or another business, and the messaging says “Dear Sir/Madam” and not “Dear Your Name”, that is something that could indicate phishing.  

Be aware of any links in a suspicious message. If you receive an email from Adelphi that looks official, but there is a link to a website you’ve never heard of, do not open it. Similarly, be careful before opening any short links from emails as well.


What to do if You Believe You Have Been a Victim of Phishing?

  • Reset your passwords, especially if you use the same password for multiple sites. (We recommend having different passwords for each site, so something like this may not give an attacker access to all of your information.)
  • Notify someone. If you believe you have been a victim from an Adelphi email address, contact the Help Desk immediately. If you believe you were a victim from another source (business, friend, colleague) let that person or business know ASAP.
  • Check your credit and debit card statements as many times attackers will be going after financial information.
  • Report the email you believe you were a victim of to your email client (gmail, outlook, etc.)

What are the possible consequences?

If you are a victim of a phishing, the attacker could potentially have access to a ton of your information. Passwords could give them access to bank accounts or social accounts, and could even leave you open to identity theft.  

Protecting your information is of utmost importance. Remember that Adelphi and most other establishments will NEVER ask you for any type of username or passwords through email. If you receive a suspicious request make sure to contact the proper organization, friend or colleague (not by replying to that email) to confirm everything before moving forward.

 

For further information, please contact:

Office of Information Technology
p – 516.877.3340
e – helpdesk@adelphi.edu
» Video Tutorials

3D Studio in Swirbul
The new 3D studio features cutting-edge printing, editing and scanning for 3D prototypes.
Learn about our 3D consultations
Tech News Alerts
Stay on top of IT announcements including service alerts and enhancements.
See all IT news
Tech Workshops
Take advantage of new workshops on 3D design and printing, plus learn more about Google Apps.
Check the schedule and register
 
 
Apply Now
Request Information