Phishing

What is Phishing?

  • Phishing is the fraudulent practice of sending emails or other messages purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers.
  • Phishing and spam are by far the most common security concerns that you will encounter on a day-to-day basis. While Saint Michaels employs email filters to help mitigate risk, it is still vital for individuals to have a working understanding of phishing and how to prevent it.

Example Phishing Attempts

Potential Consequences

The consequences of a successful phishing attack can vary greatly in severity. In the best case, it only requires passwords to be changed. In the worst case, it can lead to compromised bank accounts and social security numbers.

Phishing also poses a serious threat to Saint Michaels as an institution. A successful phishing attack could lead to employee and student information being compromised en masse, or to college systems being shut down to extort Saint Michaels. Here are some examples of the results of phishing attacks on colleges.

Identifying and Reporting

Common Red Flags:

  • Fake From Address: Always check the email address. The sender name can always be faked, but the email address cannot. All official Saint Michaels communications will come from an @smcvt.edu email.
  • Fake Links: Hyperlinks can be used to disguise a fraudulent link as a legitimate one. You can hover over an email link to see where it goes.
  • Urgent or Threatening: A common tactic is to pose an urgent threat to the user, such as deletion of an email account or revealing compromising personal information. These claims are almost never true and are designed to scare the recipient into complying.
  • Spelling and Grammar: Poor spelling and grammar are a tactic designed to ensure anyone who responds to the original email is unlikely to notice discrepancies further down the line.
  • Demanding or asking for Money: Legitimate individuals or organizations will not ask for money through email.
  • Strange Attachments: Attachments can be used to deliver malware to a computer. Even standard-looking files such as PDFs and Word documents could be used to compromise a computer. Never open a file from an untrusted source.
  • Asking for a Password: You will never be asked for your password through an email or be sent an unsolicited request to reset your password. Never use a password reset link unless you requested it.
  • Unknown Devices: Devices like CDs and flash drives can be used to place malware onto a computer. Never plug anything into your computer unless you received it from a trusted source. The most common form of this attack is leaving USB drives around entrances or public areas in the hope that someone will plug one in out of curiosity.

How to Report

Send any email you believe is suspicious to ithelp@smcvt.edu

What to do if Compromised

  • Change your Passwords: Change your email password and the password of any account that shares a password with any account that you believe to be compromised. Below are instructions on how to reset your Mikenet and email password.

  • Monitor your Accounts: Keep an eye on any account you believe to be compromised. Look out for suspicious transactions from your bank account or posts from your social media account.
  • Come to the IT Helpdesk: Bring the compromised device into the helpdesk so it can be examined for malware or other threats to the college.