Learn the small actions you can take that will make a big difference to your online security at home and at Williams.
WEEK 1 – PHISHING – Don’t give up your usernames, passwords or financial information due to an email
Cybercriminals have become quite savvy in their attempts to lure people in and get you to click on a link or open an attachment.
The email they send can look just like it comes from Williams college, a financial institution, cloud service (e.g. Apple, Dropbox) or delivery vendor (e.g. UPS)
It often urges you to act quickly, because your account has been compromised, your order cannot be fulfilled or there is a new service for you to take advantage of.
If you are unsure whether an email request is legitimate, it most likely is not. If you’d like to try and verify it:
- Send email to firstname.lastname@example.org and OIT will check it out.
- Take a look at our “spot a phish” page to search for telltale clues.
- Contact the company directly. DON’T just reply to the email and say “is this real?”.
Remember that Williams OIT will never ask for a username and password in an email. Your bank or any other institution will not either.
When you do recognize a phishing email it helps to report it directly to Google so they can analyze and block it more quickly. From the gmail interface in a web browser choose Report Phishing from the drop down menu next to Reply
Why do hackers want your username and password anyway?
Often they will use your account to send further phishing scams through the Williams network to catch more people. This can then give us a bad online reputation and cause legitimate emails from Williams to be blocked. Also emails coming from a @williams.edu will look more genuine to college students and employees.
They will use your account to attempt security breaches on computers outside of Williams. They can do this from locations like Nigeria and Russia (recent examples).
Once they can read your email they can look for personal information like credit card numbers and Social Security numbers to attempt Identity Theft.
They can set up a forward on your email so that they then will receive all future email to you. Or they can start emailing your friends and family pretending to be you in order to perpetrate a financial scam.
Or they will simply collect usernames and passwords over time and sell them in bulk or on the black market.
It only takes one person to respond with their credentials to have a dramatic effect on campus communications and security. When in doubt, check it out.