Since COVID-19 struck in March, Interpol reports that phishing attacks have increased by 59 per cent. Ninety-three per cent of IT security breaches are now a direct result of phishing.
Phishing is a form of attack that depends on tricking or fooling a victim into doing what the attacker wants. The attack begins with the attacker sending a message to the victim. It is a success if the victim reacts to the message.
“It is the technique of using a message as bait to lure or hook the victim that gives phishing its name,” says Kevin Macnaughton, team leader security in IT Service. “And it’s important to remember phishing messages can be sent by email, text (smishing), and voicemail (vishing).”
IT Services’ top four tips for spotting — and ultimately avoiding — phishing are:
- Consider the request in detail.
- Is it an unusual or unexpected ask from the sender?
- Is there an odd sense of urgency?
- Does it ask you to open an attachment you were not expecting?
- Does the message ask you to log in or provide personal information to a website?
- Examine the sender’s name and email address carefully. Do they look peculiar?
- Review the message. Does it contain spelling errors, bad grammar, odd formatting, or missing signatures?
- Check any links in the message. When you hover over them, are the web addresses suspicious?
If you answer ‘yes’ to any of the questions above, do not react to the message. Instead, if you think the message may be legitimate, contact the sender through a different communication channel to verify it.
Otherwise, report the message by forwarding it as an attachment to firstname.lastname@example.org or contacting the IT Service Desk at 519-253-3000, ext. 4440.
To learn more ways to spot a phishing hook, see www.uwindsor.ca/722/don’t-take-bait.
Led by IT Services, Cybersecurity Awareness Month efforts highlight cybersecurity issues relevant to the UWindsor community. More information, along with how you can protect yourself, is available at uwindsor.ca/cybersecurity.