Body
CBC has seen an increase in compromised email accounts from phishing attacks. Phishing is the most common type of cyber-attack. These attacks can take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information, or bank account details.
Although we maintain controls to help protect our networks and computers from cyber threats, we rely on you to be our first line of defense. Attackers go after people as their primary target because of our desire to be trusting and helpful. Whenever in doubt, please call us at 509-543-1445 or email shelp@columbiabasin.edu for assistance with determining if a message is real.
Simple ways to protect yourself:
-
Never respond to an unexpected email from an unknown person. If the job or bitcoin offer is too good to be true, it likely is.
-
Never respond to an IT worker needing your login credentials.
-
Never open up a random attachment. Attachments may contain computer viruses. Only open up attachments that are from a trusting source.
-
Never send a Social Security Number or any highly sensitive information through email.
-
Watch for email senders that use suspicious or misleading domain names that are not columbiabasin.edu.
-
Never click links from untrusted senders. If a message is from a trusted sender, hover over the link first without clicking to be sure it goes where it says. If unsure, call the sender and verify their message.
-
If the yellow warning banner is present telling you the message came from a non-CBC staff or student, the message is coming from outside of CBC’s network and may be a phishing email.
-
If a student or staff member account is sending suspicious emails please notify us by forwarding the message to shelp@columbiabasin.edu to investigate.
Passwords
With passwords being utilized for many systems as a form of authentication, and need to be secured the same way we treat sensitive information like Social Security Numbers.
- Never use the same password twice.
- Use at least one UPPER CASE, lower case, number, and symbol.
- Don’t use your name, families names, pets, address, or other personal information in your password.
- Never share your password, even to CBC employees. If you do, best to change immediately.
- Use a password manager if you have a hard time making unique passwords.
- Sign up for the Have I been Pwned Database (https://haveibeenpwned.com/) to be notified if your email or phone number has been found in a data breach.
- Utilize Google’s free phishing email training site Phishing Quiz with Google (https://phishingquiz.withgoogle.com/)
Phishing Email Examples
In the first example is a job opportunity that is spoofing Career Services to try to convince you that the job offer is supported by CBC. Note, that the the link goes to a Google Docs form. CBC uses Microsoft Forms that require authentication for legit forms that collect sensitive information. Also, Career Services uses third-parties like Handshake as a secure platform to connect students to potential jobs.
In the second example is a fake job offer looking for someone to do part time work, If you hover over the link you can see it does not take you to the website it says it will.
Phishing email that provides a too good to be true opportunity for free money. The link points to a Google form that is listed below.
In this example is a spoofed Microsoft email asking a user to sign in, however the link points to a portal for the phisher to get your credentials.
Message posing as an IT department to gain login credentials
Fake order that was not expected. If you question it, safest to go directly to the website and see if real.
Additional Security Resources If You Believe You Have Been Compromised
- Have I Been Pwned? - Check if you have an account that has been compromised in a data breach
- F-Secure - Check if your personal information has been exposed
- Avast Hack Check - Did you password leak online?
- Preventing and Responding to Identity Theft - Recommendations by the Cybersecurity & Infrastructure Security Agency.
- identitytheft.gov - Federal Trade Commission Identity Recovery Plan tool.
- Internet Crime Complaint Center (IC3) - You may file a complaint with the IC3 (part of US Department of Justice) if you believe you have been the victim of an Internet crime or if you want to file on behalf of another person you believe has been such a victim.
- Annual Credit Report - Free website to check your credit report with Equifax, Experian, or TransUnion credit bureaus if any abnormal activity is on your account.
- Create Your IRS Account - Create an IRS account before someone else creates one using your personal information. Even if you don’t file taxes, creating an account prevents someone else from creating one and then using it to file claims for resources provided by the IRS.
- Create Your SAW Account - Multiple Washington State agencies use the SAW account for various services, including filing for unemployment. Creating your account prevents someone else from using your personal information to create an account and then using it to file fraudulent claims.