A cool thing about your Google Apps @ NC State account is that you can easily share documents with others. This type of sharing can also open your cyber door to data predators, like phishers. Since the new year, OIT — the Office of Information Technology — has seen an uptick in phishing attacks targeting the campus community. More than 200 people have fallen prey to these attacks, causing their accounts to become compromised, and thus suspended.
OIT reminds you to be “click-savvy” when it comes to links to Google docs or websites within an email and offers the following advice.
What Does a Phishing Email Look Like?
In recent phishing attacks, campus users received an email, possibly from someone they knew whose account was hacked, that included a link to a Google doc with a message similar to the following: “Please view the document I uploaded for you using Google docs. Click here just sign in with your email to view the document its very important. Thank you.”
As with many phishing attacks, the grammar is poor, but the message could sound legitimate coming from a friend or classmate with whom you are working.
Another red flag of a possible attack is that the link requires an additional log-in before opening the document. You shouldn’t have to sign in again if you’re following a link from a Gmail session where you’ve already been authenticated. Clicking on the link can actually start a chain of events that can lead to your account being compromised.
How Can I Tell If a Link is Legitimate?
If you’re a desktop user, you can hover over the link to see where it is going. In this latest campus attack, users were directed to a website in Russia, not to google.com.
If you’re a mobile device or tablet user, you need to be extra careful. Learn how to view a link before clicking on it for your specific device or simply wait until you are on a desktop browser and can confirm the link is going to a valid address.
Why Do Phishers Try to Steal Passwords?
Phishers typically try to obtain your password so they can send more spam. However, some phishers look for financial or other personal information, which can lead to identity theft.
How Can I Protect Myself?
- Be sure to use different passwords for different online accounts. You do not want your email password to be the same as your online banking password.
- Do not store credit card or other personal information in your email account.
- Use Google’s two-step verification for an extra layer of protection for your account.
- Visit the Data Privacy Month 2014 website for other suggestions for staying safe online.
If you receive a phishing email, forward it to firstname.lastname@example.org or call the NC State Help Desk at 515-HELP (4357). Remember, the Help Desk staff will never ask for your password via email or over the telephone.