With a recent rise in phishing, the scam efforts in which outsiders attempt to snare sensitive corporate, academic, or personal information by gaining access to computer systems through unsuspecting users, AIC staff has been working hard to keep us all protected.
E-mail phishing scams are the most common tactic used by criminals to steal data. E-mail is the most common tool that cyber criminals use to trick people into sharing sensitive information, whether by posing as a trusted party and tricking the recipient into responding to the e-mail with certain information, or by inducing the recipient to click on a hyperlink or open an attachment that installs data-mining malware on the computer network. One particularly insidious recent e-mail phishing scam disguises an e-mail to make it appear as if it is from an organization executive and sends it to employees in the payroll or human resources departments, including a request to send a list of all employees and their Forms W-2.
Here are some Best Practices that you can refer to if you feel you have received a "phishing" email:
- Check the From email address – even if it is familiar name.
- Hold your mouse over the name and it will show you the email address.
- If you do not recognize it, DO NOT open any attachments or click on any links in that email.
- Never enter your username and password into any site you do not believe is real.
- Do not follow directions in those types of emails.
- Check sources before doing so.
- If you are unsure if it is a legitimate site, please forward the message to: Phish.Tank@aic.edu OR call the IT Help Desk (X3402) we can assist.
- Know that the AIC IT Department will never ask for your username and password in an email. Communications will come from either an @aic.edu address, or from email@example.com (or firstname.lastname@example.org). Legitimate messages from IT certainly will not come from ‘System Administrator’ at gmail or a foreign country (example of illegitimate sender: JoeSmith@college.ru)
- IT will also not email you about storage limits or with links to re-validate your account
Refer to the images included below for reference on verifying the sender's email address, as well as verifying links within a message.
If you feel you have clicked on something suspicious, please call the Help Desk (X3402). We are happy to take these steps:
- Check your AIC account
- Change your password
- Scan your computer
Thank you for your cooperation. Security requires everyone’s awareness.