For the 4th week of NCSAM, we’ll address the highest risk email-based threat that we can receive: phishing. TL;DR: when you get one of these emails, please use Gmail’s “Report phishing” function, just like with scams last week.
Phishing usually has a specific focus: to steal the credentials to your Williams account or your other personal accounts. This can be done numerous ways, from links, to attachments, to QR codes, voice calls, SMS/text messages, and any other medium you (or GenAI) can come up with.
A popular saying has emerged in recent years that attackers rarely hack in anymore…they just log in using stolen account info instead. This is why it’s such a high risk to the college and to your personal accounts. MFA is a great defense against phishing, but so is prompt detection and reporting.
OIT will investigate “Report phishing” submissions, whether scams or phishing. This makes it a simple process for everyone to follow when you get an email that’s suspicious.
Two important tips:
1. You can always trust emails coming from “@williams.edu” addresses, and can extend that trust to [email protected]
2. You can use the “Show original” menu item (above) to see the actual sender, which can be helpful when you’re not sure