At the Wrong End of a Lure

LIS and phishing

Week 3 of National Cyber Security Awareness Month (NCSAM) brings to light the dangers of phishing

by Tony Moore 

You open Outlook or Gmail and find an email from your mom. It’s probably about Thanksgiving dinner, you think. Or maybe she’s passing on one of her infamous forwarded jokes. But the message starts “Dear friend,” and Mom has provided a link to some photos that apparently the two of you discussed at an earlier time. It all seems a little odd, but it’s Mom, so you click on the link.

And … now you’ve fallen prey to something known as phishing.

Phishing is an online ploy through which a scammer emails a potential victim with an offer that (1) seems legitimate but isn’t or (2) seems weird and wrong but is coming from an email address the recipient knows and trusts (thanks, Mom).

Once the email is opened, the potential victim clicks on the link provided and then becomes the victim when that click downloads malware. Alternatively, the person clicks through the link and misguidedly provides sensitive personal information (passwords, Social Security number, etc.).

These scams come in many forms—from “luring” emails (“You’ve won an iPad!”) to “urgent” emails (“This deal won’t last long!”)—and you have to be ready for them. But to be ready, you don’t have to be a computer scientist. Just use common sense and have a good awareness that there are lots of creepy people out there trying to get into your inbox.

So be smart and keep these two points in mind when you’re online:

  • Clicking on a link when you’re already on a trusted site is OK.
  • Clicking on links that appear in random emails and instant messages is not a good idea. If a message seems suspicious, it probably is.

If the message is from a company you often deal with, and you think the message may be legitimate but are still wary, go directly to the company's website (i.e., type the real URL into your browser) or contact the company to see if you really need to take the action described in the email message.

When you recognize a phishing message, delete the email message from your inbox and then empty it from the deleted items folder to avoid accidentally accessing the websites it points to.

To test your knowledge of phishing scams, check out the quiz LIS has created. By scoring a 20 or higher on the quiz, you earn a chance to win a Microsoft Surface 3 or a Best Buy gift card. The winners will be announced at the "Three C’s of Cyberspace" event (see below). Visit the quiz link for further details.

There are several NCSAM 2015 events you can attend to learn more about phishing and other cyber safety topics.

  • October 19, 11:30 a.m., Stafford Auditorium: "Data Security Law and Dickinson College"
  • October 27, 12 p.m., Tome 115: Math/CS Chat with Jeff Caton: “The Three C’s of Cyberspace: A Holistic View of Cybersecurity Issues.” Caton is a former U.S. Army War College Fellow and Department of Defense consultant.
  • October 28, 4:30 p.m., Biblio Café: FaculTea with John MacCormick, associate professor of computer science: "Why Are Password Rules So Annoying?"

All Dickinson students, faculty and staff are welcome to attend, and faculty and staff will earn financial wellness points.


Published October 17, 2015