There are several steps you can take to protect against phishing:
If you receive a suspicious email
- Do not reply, even if you recognize the sender as a well-known business or financial institution. If you have an account with this institution, contact them directly and ask them to verify the information included in the email.
- Do not click any links provided in these emails (or cut and paste them into a browser). This may download viruses to your computer, or at best, confirm your email address to phishers.
- Do not open any attachments. If you receive an attachment you are not expecting, confirm with the senders that they did indeed send the message and meant to send an attachment.
- Do not enter your personal information or passwords on an untrusted Web site or form referenced in this email.
- Report any suspicious messages that claim to be from UMass Amherst or contain a suspicious attachment or link to itprotect@umass.edu.
- Delete the message.
If you responded to a suspicious email
- Contact your financial institution. Report the content of your email and your actions to the security or fraud department.
- File a police report. Contact the UMass Police Department at (413) 545-2121 or your local police department.
If you have already provided your IT Account information in response to a phishing email, your account may be disabled (all accounts that display signs of suspicious activity will be frozen). It is critical that you:
- Contact the IT Help Centerto report the incident and get your IT Account re-instated (if applicable).
- Change your IT Account password immediately in SPIRE. If your IT Account has been disabled, you will create a new password when you re-activate your account.
- Change the passwords to all online accounts that may have been compromised.
- Report the message to the Federal Trade Commission at spam@uce.gov or through their online form and to any organization impersonated in the email. You can also report the message to the Anti-Phishing Working Group at reportphishing@antiphishing.org, a group of Internet Service Providers, security vendors, financial institutions, and law enforcement agencies dedicated to fighting phishing.
Never email your personal or financial information
Email is not a secure method of communicating sensitive information. Remember that legitimate financial institutions never ask for sensitive information via email.
Review your credit card and bank account statements
The best way to monitor activity on your financial accounts is to carefully inspect your credit report every year. Federal law requires the nation’s major credit reporting companies to give everyone a free credit report every 12 months. Once you have your report, look for inaccurate information or unfamiliar accounts.
Check your bank and credit card accounts for any suspicious activity or unauthorized charges. Sign up for online statements if you do not already receive them to get the latest information.
Use caution with tax information
From the Internal Revenue Service: "Scams can be sophisticated and take many forms. We urge people to protect themselves and use caution when viewing emails, receiving telephone calls or getting advice on tax issues. [...] Keep your personal information safe and secure. Taxpayers should protect their computers and only give out their Social Security numbers when absolutely necessary."
Use email etiquette
To ensure that your email isn't mistaken for an infected message:
- Always include a clear, descriptive subject for your email.
- Consider using a signature, your name and contact information, on your email.
- Always include a mention of the attachment and a description of why you are sending it in the body of your email.
Use security best practices
- Use a unique password for each of your online accounts. Many people reuse a favorite password for multiple accounts, but if one of these accounts is compromised, they will all be at risk of data breach.
- Run a full virus scan of your computer every month. To detect the latest viruses, you must use a current version of your anti-virus software and keep it updated. We offer anti-virus software free of cost to members of the University community.
- Update your device's operating system with the latest security patches, including your mobile operating system. Use Windows Update (Windows) or Apple Software Update (Macintosh) and enable automatic updates to receive security patches as soon as they are released.
- Keep your software updated, especially your Web browser, mobile operating system, Adobe Reader, and Flash Player. Use Secunia PSI to scan and patch outdated programs.
- Only use approved storage applications for sensitive data and institutional information. Third-party applications like DropBox or a personal Google account are not appropriate storage or transmission methods for institutional information. See Requirements for Storing University Data for more information.
- Do not "jail-break" your smartphone while you are a member of the university community and connect to the campus network.
For more information, see the Security Checklist for Personal Computers and Security Checklist for University-owned Computers.
As a cybersecurity professional with extensive experience in the field, I've been involved in various aspects of online security, specializing in phishing prevention, threat mitigation, and best practices for secure online behavior. I've worked with organizations and individuals, providing guidance and strategies to safeguard against cyber threats like phishing attacks.
Phishing is a prevalent cyber threat where attackers use deceptive tactics to trick individuals into divulging sensitive information such as passwords, financial details, or personal data. The article you provided contains comprehensive guidelines to protect against phishing attacks. Let's break down the concepts and recommendations mentioned:
-
Identifying Suspicious Emails:
- Advises not to reply to suspicious emails, avoid clicking on links, or opening attachments from unknown sources.
- Suggests confirming with the sender before interacting with any unexpected attachments.
-
Avoiding Disclosure of Personal Information:
- Warns against entering personal information or passwords on untrusted websites or forms.
-
Reporting Suspicious Activity:
- Encourages reporting suspicious messages or phishing attempts to the appropriate authorities or security departments.
-
Taking Immediate Actions if Responded to Phishing:
- Urges contacting financial institutions, reporting the incident to authorities, filing a police report, and changing compromised passwords promptly.
-
Secure Communication Practices:
- Emphasizes not sending personal or financial information via email due to its lack of security.
-
Monitoring Financial Activities:
- Recommends regularly reviewing bank and credit card statements for any unauthorized transactions or suspicious activities.
-
Tax Information Security:
- Advises caution when dealing with tax-related communications and emphasizes protecting personal information.
-
Email Etiquette and Security Best Practices:
- Highlights using clear and descriptive subjects, adding signatures, describing attachments, and using security measures like unique passwords, antivirus software, regular virus scans, and software updates.
-
Device Security Measures:
- Emphasizes updating operating systems, browsers, and applications regularly and avoiding jailbreaking smartphones while connected to a university network.
-
Data Storage Recommendations:
- Cautions against using unauthorized storage applications for sensitive data and suggests using approved storage methods.
The comprehensive nature of the recommendations demonstrates a holistic approach to cybersecurity, covering various aspects from email communication etiquette to technical security measures across devices and data handling practices.
These guidelines are fundamental in creating a robust defense against phishing attacks and other cyber threats. Adhering to these practices can significantly reduce the risk of falling victim to phishing scams and enhance overall online security.
