Tuesday, January 9, 2018

January 1 - April 15 is Phishing Season

While phishing attacks can occur at any time, there is an increase in attacks between January 1 and April 15. As a reminder, phishing is a tactic designed to steal personal data (think passwords, credit card numbers, banking information, etc.) and/or install malware on your computer. Phishing attacks come in many forms. Emails that impersonate popular companies and services (banks, Dropbox, Google, etc.) are most common. Spear-phishing occurs when attackers send emails that appear to come from your trusted contacts, such as coworkers, friends, etc. Attackers may also make phone calls impersonating others and use other methods to obtain your personal information.

Check out the following tips to avoid falling victim to phishing scams:

Be Skeptical
If something seems suspicious, use caution. Typos, too many exclamation points, and other grammatical red flags are reasons to question the legitimacy of an email.

Check the sender's address. Don't trust the display name alone: hover over the display name to see the full email address. Does it match other communications from the organization?

You can also hover your mouse over any links embedded in the body of the email. If the link address looks weird, don’t click on it. If you want to test the link, open a new window and type in the website address directly rather than clicking on the link in an unsolicited email.

Is the email addressed "Dear Customer" or with another generic salutation? If so, be cautious: legitimate business emails will often personalize their greetings with your name.

Legitimate banks and companies will never ask for personal credentials via email or phone. Don’t give them up.

Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt.” Urgent language is designed to make you act before thinking.

Lack of details about the signer or how you can contact a company strongly suggests a phish. Most companies have an official signature.

Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.

Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address does not mean that it’s legitimate. Be skeptical when it comes to your email messages: if it looks even remotely suspicious, don’t open it.


Choose Strong Passwords and Keep them Secure
One of the best ways to protect against phishing attacks is to use secure password management strategies. Passwords should be unique for each of your logins, with master passwords, like your district-synced credentials, being the strongest and most secure. While it is tempting to select passwords based on personal information, these passwords are often the least secure and the easiest for others to guess. Examples: favorite sports team, family names, pet names, etc. The most secure passwords contain a random string of words. Passwords are also only as secure as how you store them. If you must write them down to remember them, make sure they are stored in a secure location, not on your monitor, under your keyboard, etc.

Password Resources:
  • Take the password quiz Carnegie Mellon University designed to assess your perceptions of secure passwords. 
  • LastPass is a password manager that allows you to set one secure password to manage randomly generated passwords for the websites you visit.
  • Password Alert gives you a warning when it detects you reusing passwords across sites.
  • How Secure is My Password estimates how long it would take for someone to hack your password.

Use 2-Factor Authentication
To keep your district accounts secure, I highly recommend enabling 2-Step Verification to protect your account credentials. Since we sync your passwords across multiple websites and applications, it is critical that we all do our part to protect our accounts. This extra step does not take much additional time and keeps bad guys out even if they are able to obtain your password. Information about how it works and a link to step-by-step directions follow.








