NCSAM Week 4 – Finally, Phishing

For the 4th week of NCSAM, we’ll address the highest risk email-based threat that we can receive: phishing. TL;DR: when you get one of these emails, please use Gmail’s “Report phishing” function, just like with scams last week.

Phishing usually has a specific focus: to steal the credentials to your Williams account or your other personal accounts. This can be done numerous ways, from links, to attachments, to QR codes, voice calls, SMS/text messages, and any other medium you (or GenAI) can come up with.

A popular saying has emerged in recent years that attackers rarely hack in anymore…they just log in using stolen account info instead. This is why it’s such a high risk to the college and to your personal accounts. MFA is a great defense against phishing, but so is prompt detection and reporting.

OIT will investigate “Report phishing” submissions, whether scams or phishing. This makes it a simple process for everyone to follow when you get an email that’s suspicious.

Two important tips:

1. You can always trust emails coming from “@williams.edu” addresses, and can extend that trust to [email protected]
2. You can use the “Show original” menu item (above) to see the actual sender, which can be helpful when you’re not sure

More Information