Beware the Phish!

While hackers have thousands of methods for getting into information systems, most of those options are incredibly complex, difficult, risky, and expensive. The easiest way for a cybercriminal to gain access to protected information is to get someone who already has access to hand them that access. This is the idea behind social engineering. 
 
Social engineering describes hackers’ methods for obtaining access to protected information by communicating with users like you and me. There are many forms of social engineering; the most common is called phishing. In fact, 91% of security breaches begin with a phishing attack. What is phishing, and why is it so effective (and harmful to information security)?
 
Phishing is a fraudulent request, usually made through email, to steal data by getting you to perform an action or send information that gives a hacker access to your, and potentially others’, information. The phishing message may ask you to follow a link that installs a virus on your computer, allowing the hacker to secretly control your device from anywhere. It may carry malware disguised as a harmless attachment. Or it may encourage you to reply with sensitive information that gives hackers access to your bank or credit card accounts.
 
What are the best techniques for foiling phishing attacks? The most effective is learning how to recognize malicious emails (phishing), text messages (smishing), and phone calls (vishing). All of these often:
 
  1. Create a sense of urgency. Humans act irrationally and carelessly in urgent or stressful situations, and hackers are counting on you to let your guard down when you need to “act fast” or “reply immediately.”
  2. Sound a little off. The email may appear to be from your coworker or friend initially, but a false email will never sound quite like a normal email from the sender would. There may be odd turns of phrase, use of unusual slang, or an atypical tone in the email body. If you sense something is amiss, err on the side of caution and assume the email is a phishing attack.
  3. Contain links with suspicious addresses. Get into the habit of hovering over links in emails. The link’s full address will appear in the bottom left corner of your screen, and this is the information you need to determine whether the link is legitimate. Remember that the link’s address can be different from the linked text in the email. For example, this linked text says “baseball” in the body of this article, but the link address actually takes you to a basketball site. (Notice that if you, a baseball fan, hover over the link, you could detect this trickery before following the link to a site filled with boring basketball information.) While this example of misdirection leads to a harmless sports switch-up, clicking on a link that reads “make money fast” but instead takes you to a site that installs a virus can be catastrophic.

If you recognize any of these warning signs, assume the message is malicious and report it immediately by forwarding it to [email protected] 

Giving the message the benefit of the doubt gains you nothing. When in doubt, report it. By reporting the message and/or contacting the supposed sender to verify that they actually contacted you, you keep your and fellow users’ information safe.
 
You can report phishing, vishing, smishing, and other potentially fraudulent activity by emailing [email protected]
If you think a security incident has occurred, you must report it to University Information Security within one (1) hour from the time the incident is identified. Report the incident at the “Reporting a Security Incident” website (preferred) or by telephoning (434) 924-4165.
 
Once you’ve reported the phishing, the information security team will review the report and determine whether or not the threat is legitimate, and if it could impact other system users. Then the team will take appropriate steps to inform at-risk users of the threat.
With your assistance, we can defeat cyber-attackers and protect the security of our University’s information!   
See more about the steps our team takes below. 
 

The steps our information security team takes in response to a cyber-threat report are as follows:

Analysis: 

  1. Identify whether or not the message is a phish.
  2. Determine the target and source of the phish.
  3. Analyze the landing webpage if the phish attempts to direct users to one.
  4. Analyze impacts to UVA accounts.
  5. Generate a list of all affected users.

Containment:

  1. Post to security alerts (see the security threats currently circulating at UVA).
  2. Post fake account information in the malicious site and obtain an address to attach alerts to for all UVA users.
  3. Block or redirect all outbound activity from UVA accounts to the malicious page.
  4. If applicable, ask the reporter to inspect their profile for signs of suspicious activity.

Eradication/Recovery: 

  1. Contact the hosting company and request removal of the phish.
  2. Contact the institution from which the phish was sent.
  3. Send an all-clear message.
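As an added illustration of Analysis steps 1 and 2 (it is not the UVA team’s own tooling), the Python script below takes a reported message and reads its headers to recover the apparent source, which local users were targeted, and the header inconsistencies that mark a phish. The domains and addresses are constructed, and our_domain stands in for the University’s mail domain.

```python
# Added example, not the UVA team's own tooling: a first pass over a reported
# message's headers for Analysis steps 1-2 (does it look like a phish, and who
# sent it to whom). The domains and addresses below are constructed.
from email import message_from_string
from email.utils import getaddresses

def domain_of(addr):
    """Lower-case domain part of an address, '' if it has no '@'."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def addresses(msg, header):
    """(name, addr) pairs from every instance of a header, skipping empties."""
    return [(n, a) for n, a in getaddresses(msg.get_all(header, [])) if a]

def triage(raw_message, our_domain):
    """Summarise source, local targets and header inconsistencies."""
    msg = message_from_string(raw_message)
    senders, reply_to = addresses(msg, "From"), addresses(msg, "Reply-To")
    recipients = addresses(msg, "To") + addresses(msg, "Cc")
    name, from_addr = senders[0] if senders else ("", "")
    findings = []
    # A display name that is itself an address in our domain, paired with an
    # outside From address, is a classic impersonation pattern.
    if "@" in name and domain_of(name) != domain_of(from_addr):
        findings.append(f"display name '{name}' does not match sender {from_addr}")
    # Replies silently routed to a third domain: the attacker's collection box.
    if reply_to and domain_of(reply_to[0][1]) != domain_of(from_addr):
        findings.append(f"Reply-To {reply_to[0][1]} is not in the From domain")
    return {
        "source": from_addr,
        "reply_to": reply_to[0][1] if reply_to else "",
        "targets": sorted(a for _, a in recipients if domain_of(a) == our_domain),
        "findings": findings,
    }

# Constructed sample of a reported message (only the headers matter here).
SAMPLE = """\
Return-Path: <bounce@relay.example-phish.test>
From: "helpdesk@example.edu" <helpdesk@example-phish.test>
Reply-To: collect@mailbox.example.net
To: alice@example.edu, bob@example.edu
Cc: carol@partner.example.org
Subject: URGENT: your account will be suspended in 1 hour

Verify your account now or lose access.
"""

if __name__ == "__main__":
    print(triage(SAMPLE, "example.edu"))
```

The "targets" list is the seed for step 5 (the list of affected users) once the same check is run over every copy of the message that reached the mail system.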
