Click only links and files that are expected, and only from people you trust.
What is the risk?
On the Internet, everything is just a simple click away. Unfortunately, that includes criminals. Phishing is when criminals attempt to trick you into clicking a dangerous link or file attachment in a message. Falling for the trick can cost you your passwords, bank account information, or personal data.
What could happen?
A successful phishing attempt is believed to be the starting point of the attack that led to the 2013 Target breach, but phishing isn’t just a risk for big business. Phishing is the most common way a criminal can obtain your passwords or account information. Sometimes the goal isn’t to steal your identity, but to get money from you directly. Ransomware, malicious software that extorts victims out of money to recover their files, is distributed primarily through phishing. It has impacted hundreds of thousands of people, including some at USPF.
What can I do to protect myself?
You don’t have to be a security expert to practice good security habits. A little knowledge and a healthy dose of skepticism will make a big difference in your fight against phishing.

Finding the Phish, Spotting the Scams, Foiling the Frauds

Phishing can come in many different forms, from obvious-to-spot frauds to sophisticated deceptions, but they share some common characteristics. Before you click a link, consider if the message you are reading contains these suspicious attributes.
- Sense of Urgency and Time Constraint
- Fear of losing money or winnings
- Requests to verify accounts or credit card numbers
- Communication from services you do not use
- PDF Attachments from businesses
- Generic email providers
- Poor grammar and spelling
- Confirmations that lack details, such as delivery locations or travel dates
- Unexpected, out-of-character emails from people you know
- Files or links that require you to download additional software to view them
- Close, but not quite right, links (See below)
If an email seems suspicious, don’t risk the click. Contact the sender to see if the message is legitimate or simply delete it.

Pause and Hover

Links can lie, but your browsers and email clients can help you find the truth. Links can be crafted to look like they point one place, but actually send you somewhere else. How can you be sure where you are going?
- On a desktop: Hover your cursor over the link. A pop-up window should show you the link’s true destination.
- On a mobile device: “Long-press” the link to see the link’s destination.
What can we do to reduce phishing at USPF?
Observe and Report

Most phishing is broad in nature and targets anyone willing to respond. Some phishing is designed to target a specific person or organization. In cases where you see a suspicious email with USPF branding, logos, and language, contact the USPF ICT Department via your helpdesk immediately. As soon as we know a phishing campaign is underway, we begin taking actions to identify and protect accounts that may have been compromised. Quick reporting from responsible members of the USPF community has saved accounts from compromise, so make sure to do your part!