By Kevin Keegan, Technical Services Manager
Phishing is a cyber crime where someone tries to trick a user via email (or telephone or text message) into giving up their login credentials for various web sites or accounts. With these login credentials, the culprits can access your personally identifiable information, credit card accounts, and bank accounts.
Many of the attempts trick users into clicking a link in an email. The link takes you to a webpage that looks identical to the legitimate company’s web page, and the user enters their account information into the fields. The problem is that once you hit submit, your account information is sent to the criminal’s database and not to the company you thought you were connected to.
The first phishing lawsuit was filed in 2004 against a teenager from California.
In 2017, researchers at Proofpoint found that the top 10 phishing lures were: Google Drive, Microsoft OWA, Apple Accounts, USAA, PayPal, Adobe Account, Dropbox, Blackboard, LinkedIn, and Capital One, with Apple attempts leading the way.
HOW TO SPOT A PHISHING ATTEMPT
Look at the sender of the email you receive: in a phishing attempt, the email address is not from the company you are expecting. For example, take a phishing attempt that says it is from Apple regarding your account, where the email address is [email protected]. You will notice the company name (domain) portion of the email address (everything after the @ symbol) says apple.i.com; it does not say apple.com. This would be the second red flag. The first red flag would be that they are asking you to verify your account information; no reputable website or company will ever randomly ask you to verify your account information.
Another way to see that a link in the email is erroneous is to hover your mouse pointer over the link; you will see the actual address it is trying to take you to in the lower left corner of your browser.
Other ways to distinguish a possible phishing attempt: the offer is too good to be true, there might be a sense of urgency, the sender of the email is very unusual, there is an attachment, they are demanding attention, as well as other scare tactics.
You can go to www.phishing.org to learn more about phishing.
WHAT TO DO IF YOU THINK YOU HAVE FALLEN VICTIM TO A PHISHING ATTEMPT
The first thing you need to do is change the password for the account that you were victimized on. If you have other accounts at other businesses with the same username and password, you should change those passwords as well.
Cambridge Public Schools is looking into a possible training program to educate CPS users on how to spot different types of phishing attempts. Please keep an eye out for these trainings.