National Cybersecurity Awareness Month 2020 - #BeCyberSmart
Michael Platt
started a topic
over 3 years ago
Please welcome national cybersecurity awareness month. Follow #BeCyberSmart on social media to keep up with the latest cybersecurity news. The HU Office of Information Services challenges you to remain educated and aware of your cyber safety.
According to Microsoft, 91% of of cyber attacks start with email. Mitigations such as multi-factor authentication prevent 99% of cyber attacks but the 1% of successful attacks can cause devastating effects. A recent simulated spear phishing campaign was sent to all HU staff and faculty. The purpose of these simulations is to always raise awareness. I'm happy to announce that a large percentage of staff and faculty have reported the below campaign email as phishing. If you think the mail you’ve received is suspicious, please report it.
Educate yourself, friends, and colleagues on how to recognize phishing attempts and report suspected encounters. Here are some of the tell-tale signs.
Spelling and bad grammar. Cybercriminals are not known for their grammar and spelling. Professional companies or organizations usually have an editorial staff to ensure customers get high-quality, professional content. If an email message is fraught with errors, it is likely to be a scam.
Suspicious links. If you suspect that an email message is a scam, do not click on any links. One method of testing the legitimacy of a link is to rest your mouse—but not click—over the link to see if the address matches what was typed in the message. In the following example, resting the mouse on the link reveals the real web address in the box with the yellow background. Note that the string of IP address numbers looks nothing like the company’s web address.
Suspicious attachments. If you receive an email with an attachment from someone you don’t know, or an email from someone you do know but with an attachment you weren’t expecting, it may be a phishing attempt, so we recommend you do not open any attachments until you have verified their authenticity. Attackers use multiple techniques to try and trick recipients into trusting that an attached file is legitimate.
Do not trust the icon of the attachment.
Be wary of multiple file extensions, such as “pdf.exe” or “rar.exe” or “txt.hta”.
If in doubt, contact the person who sent you the message and ask them to confirm that the email and attachment are legitimate.
Threats. These types of emails cause a sense of panic or pressure to get you to respond quickly. For example, it may include a statement like “You must respond by end of day.” Or saying that you might face financial penalties if you don’t respond.
Spoofing. Spoofing emails appear to be connected to legitimate websites or companies but take you to phony scam sites or display legitimate-looking pop-up windows.
Altered web addresses. A form of spoofing where web addresses that closely resemble the names of well-known companies, but are slightly altered; for example, “www.micorsoft.com” or “www.mircosoft.com”.
Incorrect salutation of your name.
Mismatches. The link text and the URL are different from one another; or the sender’s name, signature, and URL are different.
Michael Platt
Please welcome national cybersecurity awareness month. Follow #BeCyberSmart on social media to keep up with the latest cybersecurity news. The HU Office of Information Services challenges you to remain educated and aware of your cyber safety.
According to Microsoft, 91% of of cyber attacks start with email. Mitigations such as multi-factor authentication prevent 99% of cyber attacks but the 1% of successful attacks can cause devastating effects. A recent simulated spear phishing campaign was sent to all HU staff and faculty. The purpose of these simulations is to always raise awareness. I'm happy to announce that a large percentage of staff and faculty have reported the below campaign email as phishing. If you think the mail you’ve received is suspicious, please report it.
Educate yourself, friends, and colleagues on how to recognize phishing attempts and report suspected encounters. Here are some of the tell-tale signs.
Additional material: 3 ways Microsoft helps build cyber safety awareness for all