08 Feb

Phishing Attack




  • Do not reply, even if you recognize the sender as a well-known business or financial institution. If you have an account with this institution, contact them directly and ask them to verify the information included in the email.
  • Do not click any links provided in these emails (or cut and paste them into a browser). This may download viruses to your computer, or at best, confirm your email address to phishers.
  • Do not open any attachments. If you receive an attachment you are not expecting, confirm with the senders that they did indeed send the message and meant to send an attachment.
  • Do not enter your personal information or passwords on an untrusted Web site or form referenced in this email. 
  • Report any suspicious messages that claim to be from UMass Amherst or contain a suspicious attachment or link to itprotect@umass.edu.
  • Delete the message.
  • 1. Protect your computer by using security software. Set the software to update automatically so it can deal with any new security threats.
  • 2. Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats.
  • 3. Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. The additional credentials you need to log in to your account fall into two categories:
    • Something you have — like a passcode you get via an authentication app or a security key.
    • Something you are — like a scan of your fingerprint, your retina, or your face.
  • Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.
  • 4. Protect your data by backing it up. Back up your data and make sure those backups aren’t connected to your home network. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone, too.
  • Here’s a real-world example of a phishing email. Imagine you saw this in your inbox. Do you see any signs that it’s a scam? Let’s take a look.
    • The email looks like it’s from a company you may know and trust: Netflix. It even uses a Netflix logo and header.
    • The email says your account is on hold because of a billing problem.
    • The email has a generic greeting, “Hi Dear.” If you have an account with the business, it probably wouldn’t use a generic greeting like this.
    • The email invites you to click on a link to update your payment details. 
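
The signs walked through above can also be checked mechanically, for instance in a mail-filter rule. This is an added example, not part of the original article: it scans a constructed message for the generic greeting, the billing pressure and the link, and additionally compares the sender and link host with the brand's own domain, which goes beyond what the article lists. The `brand_domains` mapping, the function names and the sample message are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email); example.net is a reserved placeholder host.
SAMPLE = """\
From: Netflix <billing@account-update.example.net>
To: user@example.org
Subject: Your account is on hold
Content-Type: text/html; charset="utf-8"

<p>Hi Dear,</p>
<p>Your account is on hold because of a problem with your billing information.</p>
<p><a href="http://account-update.example.net/login">UPDATE ACCOUNT NOW</a></p>
"""

GENERIC_GREETING = re.compile(r"\b(hi|hello|dear)\s+(dear|customer|user|member|client)\b", re.I)
BILLING_PRESSURE = re.compile(r"on hold|billing|payment details|suspended", re.I)
HREF = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.I)

def host_matches(host, domain):
    """True when host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_signs(raw, brand_domains):
    """Return the warning signs found in a raw single-part message.
    brand_domains (assumption, supplied by the caller) maps a lower-case
    brand name to the domain that brand's mail and links should use."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()              # a str for single-part messages
    text = re.sub(r"<[^>]+>", " ", body)  # crude tag strip, enough for keyword checks
    expected = brand_domains.get(display.strip().lower())
    signs = []
    if expected and not host_matches(addr.rpartition("@")[2], expected):
        signs.append("sender-domain-mismatch")
    if GENERIC_GREETING.search(text):
        signs.append("generic-greeting")
    if BILLING_PRESSURE.search(text):
        signs.append("billing-pressure")
    for url in HREF.findall(body):
        host = urlparse(url).hostname
        if expected and host and not host_matches(host, expected):
            signs.append("link-off-brand:" + host)
    return signs

if __name__ == "__main__":
    print(phishing_signs(SAMPLE, {"netflix": "netflix.com"}))
```

A message that trips several of these signs at once is a candidate for reporting and deletion rather than a click; a single hit on its own (for example the word "billing") is weak evidence.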