Recognizing and Handling Phishing Cyber Attacks
As you may be aware, ICC has been the victim of several cyber attacks in recent years. Employees have received fake and misleading emails with the intention of stealing their login credentials or other sensitive information.
“Phishing” is the most common type of cyber attack that affects Colleges like ours, and it is a very real problem for ICC. These types of attacks can take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information, or bank account details.
Although we maintain technology to help protect our networks and computers from cyber threats, we rely on you to be our first line of defense.
To avoid becoming a victim of a phishing attack, the first step is to educate yourself on the types of scams and how to spot them.
Types of phishing attacks to watch out for:
Phishing: In this type of attack, hackers impersonate a real company to obtain your login credentials. You may receive an e-mail asking you to verify your account details with a link that takes you to a fake login screen that delivers your information directly to the attackers. ICC often receives attacks like this in the form of “Mailbox Quota” or “Mailbox Upgrade” emails that request you to login to a fake site with your ICC logon credentials.
Spear Phishing: Spear phishing is a more sophisticated phishing attack that includes customized information that makes the attacker seem like a legitimate source. They may use your name and phone number and refer to Illinois Central College in the e-mail to trick you into thinking they have a connection to you, making you more likely to click a link or attachment that they provide.
Whaling: Whaling is a popular ploy aimed at getting you to transfer money or send sensitive information to an attacker via email by impersonating a real College employee or executive.
Shared Document Phishing: You may receive an e-mail that appears to come from file-sharing sites like Dropbox, Google Drive or OneDrive alerting you that a document has been shared with you. The link provided in these e-mails will take you to a fake login page that mimics the real login page and will steal your account credentials.
Steps you can take now (Best email practices):
- Do not click on links or attachments from senders that you do not recognize.
- Do not provide sensitive personal information (like usernames and passwords) to any person or site that you are not familiar with.
- Be extremely skeptical of all email that does not come from an @icc.edu email address.
- Inspect URLs carefully to make sure they’re legitimate and not imposter sites.
- Do not try to open any shared document that you’re not expecting to receive.
- If you can’t tell if an email is legitimate or not, contact the sender via phone.
If you aren’t sure about the safety or legitimacy of an email, contact the ICC Technology Services Help Desk at Ext. 5457 or [email protected].