This post is from an email I sent to colleagues before the holiday break, but I’m keeping the outdated theme because who doesn’t like a snappy title? (Okay, it’s a groaner, but it works for me.)
Hackers – malicious actors – don’t take holidays. By now you’re probably getting better at spotting a phish and have figured out that your Dean isn’t going to ask you to buy iTunes gift cards. 10 ways to spot a phish
Email infiltration
Here’s a twist: Let’s say you’re having a legit email conversation – say, with me – then you get a reply from me that doesn’t look quite right. Doesn’t “sound” like me, and maybe I’ve sent you a file you weren’t expecting. Should you be suspicious? (*Spoiler alert* YES!) How can I tell it’s really you?
Malicious actors will infiltrate an account, and then wait. They jump onto an existing email conversation with the hopes that you will trust that it’s me. You click the link or open the file and Merry-Christmas-and-pass-the-peanut-butter it’s ransomware.
- Tricked into opening or clicking? Report it right away to helpdesk@uvic.ca. I get it, you’re embarrassed, but we know that you are the victim here, not the bad guy. There’s lots we can do to help if you report it. Unsure? Don’t wait. Report anyway, and we’ll thank you for it! What if my employee falls for a phish?
How do you protect yourself?
Skepticism is your best defense against any con. Got your Mad-Eye Moody “Constant Vigilance” mantra firmly in place? Excellent. Here are some more resources.