Internet and Email Safety

It is a best practice when interacting with technology to understand what normal looks like so that you can easily identify when something is not right. Here are definitions of some cyber security terms and a few pointers to assist you in identifying phishing.

Definitions

  • Hacker/Cracker = Someone who seeks to breach defenses and exploit weaknesses in a computer system or network
  • Phishing = The practice of sending emails that appear to be from trusted sources with the goal of gaining personal information or influencing users to do something. It combines social engineering and technical trickery. It could involve an attachment to an email that loads malware onto your computer. It could also be a link to an illegitimate website that can trick you into downloading malware or handing over your personal information.
  • Spear Phishing = The fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.
  • Whaling = A form of spear phishing targeting the CEO, CFO, President or other high-ranking person in a company to gain access to their credentials.
  • Computer Virus = A type of malicious software program that, when executed, replicates itself by modifying other computer programs and inserting its own code
  • Malware = An umbrella term used to refer to a variety of forms of hostile or intrusive software
  • Adware = A software application used by companies for marketing purposes; advertising banners are displayed while any program is running. Adware can be automatically downloaded to your system while browsing any website and can be viewed through pop-up windows or through a bar that appears on the computer screen automatically.
  • Spyware = Software that aims to gather information about a person or organization without their knowledge, that may send such information to another entity without the consumer’s consent, or that asserts control over a device without the consumer’s knowledge

Outlook/Email

  • Am I expecting an email or attachment from this contact?
  • Is the link what I would expect?
  • Is the sender address real?
  • Is this request in line with my job function or position?
  • Is this the correct channel for this request?
  • Are there misspellings, poor grammar, overcapitalization or foreign characters?

Hovering over a sender name or a link is a best practice that allows you to reveal the full email address or site URL. Never assume that an email is legitimate because the name is one you easily recognize.

  • It’s simple and quick to just hover the mouse over a link in an email or on a website to see if it makes sense.
  • Hovering your mouse over the “from” in an email will expose the actual email address sending the email.
  • Does it match what I was expecting?
  • Is the sender’s address real?
  • Avoid shortened or bitly links
  • Type addresses in manually
  • Be aware of autocomplete and always check the “To:” address

Know Where You Login

  • Check the address bar
    • Make sure the address bar has a “wooster.edu” hostname
  • Check for the lock
    • Never enter your credentials on an insecure site. All sites valid for entering credentials will be secured.
  • Verify the certificate
    • Click on the lock
    • Click on the “>” by “Connection is secure”
    • Click on the picture of the certificate
    • Verify that “Website:” has a wooster.edu hostname
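
The hover and address-bar checks above, written out as a small Python function. This is an added example, not part of the original page; the shortener list and the sample links are constructed for illustration. It shows why a link that merely contains “wooster.edu” is not the same as a link whose hostname is wooster.edu.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "wooster.edu"  # the hostname this page tells you to look for

# Constructed, non-exhaustive list of link-shortener hosts (assumption).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}


def check_link(url, trusted=TRUSTED_DOMAIN):
    """Return a list of warnings for a link; an empty list means none raised."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
        userinfo = parts.username
    except ValueError:
        return ["unparseable URL"]

    warnings = []
    if parts.scheme != "https":
        warnings.append("not https")                      # no lock in the address bar
    if userinfo is not None:
        warnings.append("userinfo before @")              # real host comes after the @
    if host in SHORTENERS:
        warnings.append("shortened link")                 # destination is hidden
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        warnings.append("non-ASCII or punycode hostname")  # look-alike characters
    # The hostname must BE the trusted domain or END with ".<trusted domain>".
    if not (host == trusted or host.endswith("." + trusted)):
        warnings.append("hostname is not " + trusted)
    return warnings


# Constructed sample links; example.net is a reserved documentation domain.
SAMPLES = [
    "https://login.wooster.edu/",              # subdomain of the trusted domain
    "https://wooster.edu.login.example.net/",  # trusted name used as a prefix only
    "https://wooster.edu@login.example.net/",  # trusted name placed before the @
    "http://wooster.edu/",                     # right host, no encryption
    "https://bit.ly/x",                        # shortened link
    "https://w\u043e\u043ester.edu/",          # Cyrillic letters in place of "oo"
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link.encode("ascii", "backslashreplace").decode(), "->",
              check_link(link) or "no warnings")
```

An empty result only means none of these specific checks fired; the questions about the sender, the request and the channel still apply.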