Phishing Awareness

 
What is Phishing? 

Phishing is usually an attempt to deceive you into thinking a legitimate organization is requesting information from you. These requests for information may look innocent at first glance or may seem to come from a legitimate source, but do not. These scams request you reply to an email, respond to a request by phone, or follow a link to a website. 

Email phishing attempts often give clear indications that the request is not legitimate. Links to web sites (sent to you through email) often take you to web pages that look very similar to the legitimate service the email is faking. Banks, eBay, and online e-cash services like PayPal are common targets; however, phishing attempts are sometimes targeted against specific groups or lists of individuals and are called “spear phishing.” 


What Does a Phishing Email Look Like? 

Phishing emails often attempt to use emotional triggers to get you to react quickly without thinking through whether you should respond, such as dire language about time limits, loss of service, penalties, or language targeting a desire for money. They often have grammar, spelling, and syntax errors, and phrasing that a native speaker would not use. 

An example would be an email with a generic greeting warning of a change in an account requiring you to verify your account information. These emails typically include directions to reply with private information or provide a link to a web site to verify your account by providing personal information such as your name, address, bank account numbers, Social Security numbers, or other sensitive personal information. 


Indicators of a phishing email: 

  • Name and email address don’t match 

  • Urgency of action to be taken 

  • Attempt to prove legitimacy using words such as ‘Official’ 

  • Uses a real organization or company name but incorrect email address 

  • Poor grammar 

  • Unsolicited requests for personal information are a clear danger signal 

  • Misspellings 


Will VCCCD Send Legitimate Emails That Look Like Phishing Scams? 

The short answer is no. There will be times when legitimate messages must be sent to inform our email users of various issues. These may include password expiration notices, inactive account removal, or cases of account abuse. However, it is very important to remember that the VCCCD Information Technology department will never ask for your password.  In the event of a password reset, VCCCD IT will request that you use the "forgot password" link located at the portal to regain access to your account. If you are ever in doubt about the legitimacy of an email, please forward the email to emailabuse@vcccd.edu. 


Why Can’t VCCCD Stop These Emails? 

VCCCD stops thousands of phishing attempts, spam emails, and virus infected messages every day, but the methods scammers use change very quickly. Due to the variety of use for VCCCD email, we must also be careful not to implement filtering which may block otherwise legitimate email. 


How can I avoid phishing scams? 

  • Never send passwords, bank account numbers, or other private information in an email. 

  • Avoid clicking links in emails, especially any that are requesting private information. 

  • Be wary of any unexpected email attachments or links, even from people you know. 

  • Look for ‘https://’ and a lock icon in the address bar before entering any private information. 

  • Have an updated anti-virus program that can scan email. 


What Should I Do If I Receive a Phishing Email? 

 Forward the email to emailabuse@vcccd.edu. This is extremely helpful as we have tools to block the sender and remove the scam from other employee inboxes. 

 What Should I Do If I Have Been Scammed by Phishing? 

  • Change your VCCCD login credentials 

  • Change login and password for any personal accounts that share the same password such as: 

  • Online banking 

  • Personal email 

  • Online purchasing (PayPal, Amazon, eBay, etc.) 

  • iTunes account 

  • Social media (Facebook, Twitter, blogs, etc.) 

  • Online backup service or file sharing (Dropbox, Mozy, Carbonite, etc.) 

  • Do not use the same password for your VCCCD account that you use anywhere else. Can't remember them all? Consider using a password manager to manage all of your personal passwords (we recommend LastPass - it's free). 

  • Contact the abuse or fraud department of the service being impersonated (eBay, PayPal, etc.) 

  • Email emailabuse@vcccd.edu to let us know. 

  • If you suspect a bank or credit card account may have been compromised, contact that institution to check your account immediately and request a credit report. 


Where Can I Get More Information?