Cyber Security

• Sublink 1
• sublink 2
• Sublink 3

• Students
• Faculty & Staff
  • Cyber Security Basics FAQ
  • Email Security
  • Identity Theft
  • Laptop and Desktop Encryption
  • Malware
  • Mobile Device Security
  • Password Security
  • Peer to Peer Sharing
  • PDID-Personal Digital ID
  • Phishing
  • Physical Security
  • Sensitive Information Handling
  • Social Media
• Home

Phishing

Q: What is phishing?

A: Phishing is a form of Internet fraud that aims to steal valuable information such as credit cards, social security numbers, user IDs and passwords.

Q: How would I spot a phishing scam?

A: Look for the following:

1. Generic email greeting-A typical phishing email will have a generic greeting, such as “Dear User.”
2. False sense of urgency-“Your account will be disabled if it’s not updated within three (3) business days!”
3. Fake Links-Many phishing emails have a link that looks valid, but sends you to a fraudulent site. Example: www.secure-paypal.com
4. Attachments- Similar to fake links, attachments can be used in phishing emails and are dangerous.
5. Sender’s email address-The “From” line may include an official-looking email address that may actually be copied from a genuine one. However, The email address can easily be altered – it’s not an indication of the validity of any email communication.
6. Deceptive URLs-Examples:
   • http://signin.paypal.com@10.19.32.4/
   • http://83.16.123.18/pp/update.htm?= https://www.paypal.com/=cmd_login_access
   • www.secure-paypal.com

Q: How do I know if a website is secure?

A: There are 2 things to look for to know if a website is secure:

1. Look at the website address. https:// means the site is secure. If it only has http://, that is not secure. Don’t enter any personal information on a website (including username and password) if the site is not secure.
2. if there is a secure lock icon in the status bar at the bottom right-hand corner of the browser window, the site is secure. Many fake sites will put this icon inside the main window to deceive you.

Q: But what if the email is genuine?

A: If you feel the email is valid but are not sure, the best thing to do is to open a new browser window and type the address of the website you trust in manually.

Q: What if the email has an attachment?

A: Avoid clicking on email attachments whenever possible, especially if you don’t know the sender! It could cause you to download spyware or a virus.

Q: Is there somewhere I can go to see if I would be able to spot a phishing scam before it happens to me?

A: Yes! Test yourself with this fun interactive game from OnGaurd.

External Links

• MySafeCampus
• Colorado: Cyber Security Web Site
• Colorado Attorney General Identity Theft Resources
• Games
• State of Colorado Data Retention Policy (pdf)