ITS Blog

GET WISE TO PHISHING!



Stay up to date on the latest info on phishing scams by reviewing the ITS Phishing page: https://binghamton.edu/its/phishing.


REPORT ALL PHISHING TO security@binghamton.edu and CC: police@binghamton.edu


PHISHING comes in all shapes, sizes AND formats. Don’t be FOOLED.


In the last few years, ITS has been notified of many campus individuals falling for varied phishing scams. Many of these attacks have had to do with email and text hoaxes. Out of sight, out of mind when it comes to phishing scams? WRONG. Phishing is very serious. According to Verizon’s 2020 Data Breach Investigations Report:

  • 22% of data breaches involve phishing

  • 96% of attacks arrive via email

  • 86% of attacks are financially motivated.


What is Phishing?

By now everyone should know what phishing is and how to avoid it. But just in case you are not entirely sure how broad phishing can be, here is the basic rundown. Phishing is a fraudulent practice where scam artists send official-looking emails, messages, voicemails or calls, attempting to fool you into disclosing your personal information, such as user names, passwords, credit card numbers, bank account numbers and/or social security numbers, by replying to the email or entering it in a fake form or website. It is a scam intended to steal personal and financial information from unsuspecting victims. Phishers can pretend to be from a legitimate bank, organization, government agency or store, or claim to be the host of a lottery or contest. Phishing messages are crafted to deliver a sense of urgency or fear with the end goal of capturing a person’s sensitive data. Some even imitate the University’s ITS Help Desk.

Scammers are getting really good at fooling people into thinking they are legitimate. SO USE CAUTION! Many of us believe we are fairly knowledgeable about phishing, yet every day someone falls for a common email or even text scam and has their account compromised. Lately, there has even been a surge of job-related or info-related emails that appear to come from actual professors on campus, yet if you check the sender's email address it is a strange Gmail, Hotmail or other address and NOT a BMail address.

A FEW COMMON TYPES OF PHISHING that we tend to experience in our day-to-day lives are:

  • Vishing:

This is the phone version of phishing, wherein callers try to trick you into providing information about your accounts over the phone.

  • Mass Phishing Campaigns:

Emails are sent to the masses from a knock-off corporate entity insisting that a password needs to be updated or that credit card information is outdated, thereby creating a sense of urgency to send the information.


  • Pharming:

Hackers install malicious code on a personal computer or server, which redirects clicks you make on a website to another, fraudulent website without your consent or knowledge.


  • Spear Phishing:

Attackers usually pretend to be someone the target knows well or an organization that they are acquainted with to gain access to private information, which is later used to exploit the victim.

  • Pop-up phishing:

Even though most of us use pop-up blockers, pop-up phishing is still a risk. The newer version of pop-up phishing uses the web browser’s notifications feature.

  • Whaling:

It usually has a focus on a high-value target, typically a senior employee within an organization, to boost credibility. This approach also targets other high-level employees within an organization as the potential victims and includes an attempt to gain access to company platforms or financial information.


TIPS TO AVOID PHISHING

Red flags to spot:


  • Does it ask you for any private information?

  • Does it make any unrealistic promises?

  • Does it ask you to download any files or information?

  • Does it contain any suspicious links?

  • Does it create an urgency or fear?

  • Does it redirect to any pages that ask for credentials?

  • Does the email seem unprofessional?

  • Does it ask you to click or visit anything?

  • Does it have any copycat URLs like my.apple.pay.com?
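
The sender check and the copycat-URL red flag described above can be automated. The following is an added example, not part of the original post: the `BRANDS` watch list, the two-label registrable-domain shortcut and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

CAMPUS_DOMAIN = "binghamton.edu"   # campus mail domain named on the page
BRANDS = {"apple": "apple.com", "paypal": "paypal.com"}  # assumed watch list

# Constructed sample messages (not real mail).
SAMPLE = '''From: "Prof. Jane Doe, Binghamton University" <jdoe.research@gmail.com>
To: student@binghamton.edu
Subject: Research assistant position

Update your payment details at https://my.apple.pay.com/login to get started.
'''
LEGIT = '''From: ITS Help Desk <helpdesk@binghamton.edu>
Subject: Phishing reminder

Review https://binghamton.edu/its/phishing for current scams.
'''

def registrable(host):
    # Assumption: the last two labels form the registrable domain (true for
    # .com/.edu); production code should consult the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def red_flags(raw_message):
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    flags = []
    # Red flag 1: the message trades on the campus name but was not sent
    # from a campus address (the "professor writing from Gmail" pattern).
    claims_campus = "binghamton" in f"{name} {body}".lower()
    if claims_campus and registrable(addr.rpartition("@")[2]) != CAMPUS_DOMAIN:
        flags.append(f"sender {addr} is not a {CAMPUS_DOMAIN} address")
    # Red flag 2: a brand name appears as a label in the hostname, but the
    # domain that actually owns the link is someone else's.
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = (urlsplit(url).hostname or "").lower()
        for brand, real in BRANDS.items():
            if brand in host.split(".") and registrable(host) != real:
                flags.append(f"copycat URL: {host} belongs to {registrable(host)}, not {real}")
    return flags

if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE), ("legit", LEGIT)):
        print(label, red_flags(raw))
```

A hostname is read right to left: in `my.apple.pay.com` the owner is `pay.com`, and everything to its left is a label the owner chose freely.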



Start with the DON'Ts and apply the DO's and you'll stay safe and secure from phishing attacks. It is for YOUR technology security and peace of mind.

1. DON'T fall for fake emails. Do NOT give out any financial aid or personal information via email, no matter how legitimate the email looks. RESEARCH the email first! Any personal info required from Binghamton University will be directed to you from the myBinghamton portal ONLY.

2. DON'T click on random links. Don't turn into a fish out of water! Don't randomly click links in emails and websites. HOVER OVER links and senders FIRST to make sure they're legit.

3. DON'T apply to suspicious job postings. Red fish, green fish, BLUE PHISH. You will be BLUE if you don't research job openings posted on Handshake or any others sent to you via BMail.

4. DON'T connect to public Wi-Fi off campus... or you'll be asking for a HACK ATTACK! Hackers use public Wi-Fi as a breeding ground. Be secure and use a VPN. You can also use Binghamton's VPN.

_________________

  1. DO use 2-factor authentication! Add an extra layer of security by giving info other than just your username and password.

  2. DO run malware and virus protection. Protect your devices by running the most current versions of browsers, virus and malware protection, software and apps. Check for updates on a regular basis for peace of mind.

  3. DO back up your work. One easy way to protect yourself from valuable data loss is to RUN REGULAR BACKUPS. It's also nice for peace of mind.

  4. DO protect your credentials. Binghamton University or any organization will NEVER SEND EMAILS requesting your usernames, passwords or other personal info. 

  5. DO CHECK IT OUT. When in doubt, always check it out by phoning the person or organization you think sent you a questionable email. Haste makes waste - so make sure you don’t get click happy when reading emails, texts or any kind of correspondence.


PHISHING EXAMPLES

Here are some major real-time phishing scams that have been going around lately:


JOB HOAXES


On-campus Employment Scam

This is an on-campus employment scam that asks you to reply with your information. The email is from a generic email address and isn’t from any campus group.


Employment Scam

It is from a company that doesn’t actually exist. The link could redirect you to malicious webpages or download unwanted files with malware/viruses.


Employee Portal Scam

The sender’s address isn’t genuine: it is a generic email address, and the organization isn’t reflected in the domain of the email address.


Impersonation Scams:


This email impersonates the help desk at Binghamton University. It really seems legitimate, but it isn’t.


Copyright Infringement Scams:


Here the scammer tries to instill a fear of copyright infringement and make you click malicious links.


Tax Related Scams:



Here the scammer is trying to tap into the user’s data by showing a lucrative refund, which is illegitimate.



There are a lot of student-related phishing scams as well. Please be aware of them and avoid them.


What to do if you are the victim of a Phishing scam:


  • Scan your computer for malware/viruses.

  • Change the credentials and passwords for all the suspicious and interlinked accounts.

  • Make sure to inform or contact the organization/person mentioned in the scam.

  • Review and check your accounts regularly.

  • Set up a fraud alert to prevent the scammer from using your details to open new accounts.

  • Check whether identity theft has occurred.

  • Cancel your card if you have entered your card details on any suspicious pages.

  • To avoid spreading phishing links from your email, try deleting your contacts if you can’t recover your email.

  • Use backups and try to reset/reconfigure your computer.


To review the most recent phishing attempts, please visit ITS Phish Tank. Bookmark it so you can easily review it on a regular basis.


Stay up to date on the latest info on phishing scams by regularly reviewing the ITS Phishing page: https://binghamton.edu/its/phishing

 

Received a phishy email? 

Report it to security@binghamton.edu and copy police@binghamton.edu


Please contact the ITS Help Desk at 607-777-6420 or helpdesk@binghamton.edu with any questions.