Protect Yourself From Phishing

If you believe you have responded to a phishing email or that your MVCC account may be compromised, you should immediately change your password(s) and notify the MVCC IT HelpDesk at 315-731-5711.

  • What is Phishing?

Phishing is one of the most common security threats faced by Internet users today. Phishing is when a message or website tries to trick you into revealing personal information. Many times, it will appear to be from a legitimate source, such as a bank, social network or even from MVCC. They may ask you to provide a Social Security Number, Credit Card numbers, Passwords, or even ask you to start a wire transfer or buy a gift card. Don’t fall for these phishing scams. You should never provide that information in an email. If you receive a suspicious message, do not provide any information that is requested. Instead, change your passwords immediately and notify the MVCC IT Helpdesk (315)731-5711.

 

  • Example of a Phishing Email.

Email is a very common way that phishing attacks occur. Phishing emails are sent every day. The subject line and body of the email will look like it is coming from an official source. For example:

From: MVCC Helpdesk <baduser@gmail.com>
Subject: Your MVCC Email

Your account may have been compromised. In order not to have your 
account deleted, you will need to send us your username and password 
immediately to confirm your identity.


You can click on the following link to login and verify your identity:
http://www.mvcc.com/login/

Sincerily,
MVCC Help Desk

 

  • How to detect a Phishing Email?

If you look at the example:

      1. The email address it was sent from is a Gmail email and not an mvcc.edu account.
      2. We would never ask you to send your username and password in an email.
      3. The http://www.mvcc.com/login/ link in the email does not go to an mvcc.edu address but a .com address. There are times when the criminal behind a phishing email may get trickier and disguise the link. It may say https://www.mvcc.edu/login but when you hover on the link, it shows a website that is different (like http:///www.mvcc.com/login).
      4. The final clue that it may be a phishing email – the misspelling of  Sincerely.

Remember, if you ever get an email and you do not know if it is a phishing email or not, please call the MVCC IT Helpdesk at (315) 731-5711 for assistance.

 

  • How to Protect Yourself?

There are several things you can do to protect yourself from phishing attacks:

    • Do not open unsolicited email messages or click on any web links from unknown senders. The Internet gives anonymity to the sender. Any time you read an email, you should be as alert as you would if you were in an unfamiliar neighborhood at night.
    • Do not ever send sensitive information in an email. When you send an email, your message is being sent across the Internet unencrypted. During this process, an email could be read at any point along the way. Basic rule of thumb, if you would not write it on a postcard, do not write it in an email.
    • When you receive an email from a company and you are unsure if the message is legitimate, open up a web browser and go directly to their site. Log into your account and see if they left you any notifications. Never trust a link in an email – open up a web browser and type in the web address. You never want to copy and paste a link from an email. The link could be encrypted and send you to a page that you did not want to go to. When in doubt, go straight to the source. Go straight to the company’s website and sign into your account.
    • When you receive an email from a company and you are unsure if the message is legitimate, you can also call the company to confirm. You should always look up the company’s phone number and not use the one in the email. A criminal may include a bogus number to try to get your personal information.
    • Before submitting any type of sensitive information in a web form, (like a credit card number), check that the website is secure. The web address should start with HTTPS and there should be a lock icon before the web address. If you mouse over, you should be presented a valid certificate. Also, pay close attention to the domain name in the address bar. Again, criminals will make it look legit. If you do not take the time to look closer, you may fall for the phishing site.
    • Do not fall for the phishing emails that need immediate action. Many times, a criminal will try to get you to react without thinking it through out of fear. Example, if you do not reply today, your account will be deleted.

 

  • Let’s go Phishing and test your skills.

Take this Phishing quiz that was developed by jigsaw (an affiliate company of Google). Give it a try and see if you can spot the imposters. Good luck!