Phishing

Phishing attempts come in many forms and are often made to look like requests from known vendors or associates. Most of these attempts have links that forward victims to nefarious websites in an effort to collect passwords and personal or confidential information; however, some may simply try to initiate a dialogue, which ultimately ends with them asking for unrecoverable items like gift cards or electronic transfers.

When people provide account information to cybercriminals, it negatively affects school business. For example, once an internet provider detects that an LBCC account is generating a substantial number of phishing emails, all outbound email is blocked. This means that external recipients, including students, no longer receive communication from the District.

Never supply your login credentials (user ID and password) or personally identifiable information in response to an email.

How to Report a Phishing Email

If you suspect that you received a phishing email but did not click on any links, open any attachments, or respond to it:

  1. Create a new message, attach the original message to the new one, and send it to reportaphish@lbcc.edu.

    To attach a message:

    1. Arrange the windows so you can see both the message list and your new message.

    2. Select and drag the message you want to attach from the message list into your new message.

  2. Delete the original message.

Otherwise, if you suspect that you have fallen victim to a phishing attempt or inadvertently provided your password to an unauthorized source:

  1. Reset your password immediately,
  2. Call the ITS HelpDesk at x4357 and give specific details of the event, and
  3. Forward a copy of the original email as an attachment to reportaphish@lbcc.edu.

If you’ve fallen victim to internet fraud, make sure to report it.

Social Engineering and Phishing

In technology, the term social engineering is used to describe the use of deception to lure people into revealing personal and/or confidential information with the intent of using that information for fraudulent purposes. Social engineering spans various modes of communication and is often used to target specific groups.

Phishing is a form of social engineering that uses email and often includes more focused schemes such as spear-phishing (appears to be from someone you know), and whaling (high-value targets such as executives). Other forms include vishing (over the phone) and smishing (via phone texts).

Indicators of a Phishing Attempt

Most phishing attempts include more than one of the following:

  • Suspicious Sender Address
    The From address typically contains an email address you do not recognize or is something similar to a real organization but looks odd enough to warrant suspicion.
  • Suspicious Links
    Before clicking on anything, hover your mouse over each link to display the real hyperlink. If it is unrecognizable or looks suspicious, do not click on it.
  • Attachments
    An email may ask you to open attachments that, in turn, contain buttons or links to perform the action specified in the email (access a document, change your password, etc.). Do not open an attachment that you are uncertain of, especially if it’s a type of document you do not recognize.
  • Threats
    Many phishing attempts use threats or create a sense of urgency. For instance, an email may claim that your account will be terminated or suspended, will expire, etc., so you need to reset your password or verify your account information. Do not respond to threats or pressure tactics — legitimate businesses do not use these tactics.
  • Poor Spelling and Bad Grammar
    While legitimate organizations typically have copy editors to prevent low-quality emails, cyber-criminals are known for poor spelling and bad grammar.
  • Website Spoofing
    Some phishing attempts include the look and feel of commonly known vendors and services (PayPal, Office 365, etc.) but there are usually significant visual differences. When in doubt, go directly to the real website instead of using the link.
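
The sender, link, and urgency indicators above can also be checked mechanically, for example when triaging messages sent to a report mailbox. The following Python is an added example, not LBCC or ITS code; the ORG_DOMAIN setting, the urgency word list, and both sample messages (including their hostnames and paths) are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_DOMAIN = "lbcc.edu"  # assumption: the only domain treated as the organization's own
URGENCY = re.compile(r"suspended|terminated|expire|verify your account", re.I)
URL_TEXT = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

class Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def indicators(raw):
    """Return the indicator names that a single-part HTML message triggers."""
    msg, hits = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    ours = sender == ORG_DOMAIN or sender.endswith("." + ORG_DOMAIN)
    if not ours and ORG_DOMAIN.split(".")[0] in (name + addr).lower():
        hits.append("suspicious-sender")  # names the org, mails from elsewhere
    body, parser = msg.get_payload(), Links()
    parser.feed(body)
    if any(URL_TEXT.match(t) and host(t) != host(h) for h, t in parser.found):
        hits.append("link-mismatch")  # visible host differs from the href host
    if URGENCY.search(body):
        hits.append("urgency")
    return hits

# Constructed samples; the hostnames and paths are illustrative only.
PHISH = ('From: "LBCC HelpDesk" <helpdesk@lbcc-edu.example.net>\n\n'
         '<p>Your account will be suspended. Verify your account at '
         '<a href="http://lbcc-edu.example.net/reset">https://lbcc.edu/password</a></p>')
BENIGN = ('From: "ITS HelpDesk" <helpdesk@lbcc.edu>\n\n'
          '<p>Details: <a href="https://lbcc.edu/its">https://lbcc.edu/its</a></p>')
```

The link check is the scripted form of hovering over a link: it compares the host shown in the visible text with the host the link actually points to.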

Examples of Phishing Attempts

Norton antivirus provides a few visual examples to help you identify phishing attempts. With that in mind, be aware that perpetrators have used the Long Beach City College logo against employees in an attempt to lure victims.

Remember, if the email content, from address, link destination, or URL of the website looks questionable, do not click, use, or reply. Simply forward a copy of the email as an attachment to reportaphish@lbcc.edu, and ITS will look into it.

Phishing Decision Tree

Proofpoint, a leading cybersecurity company, has shared Practical Advice for Avoiding Phishing Emails in the form of a decision tree to help users verify unknown emails.

Videos on Phishing

What Is Phishing And How Can I Protect Myself? (2:28)

Video courtesy of AARP.

    Common Types of Phishing Scams

    Phishing is used to facilitate a variety of imposter scams. According to the Federal Trade Commission, victims are now losing billions of dollars each year to these types of scams.

    • Gift Card Scams
    • Fake Check Scams
    • Phone Scams
    • Sextortion
    • Tax Scams
    • Tech Scams
    • Other Common Scams

    Online Phishing Quizzes

    Test your newly acquired skills by taking one or more of the following:

    Additional Resources


    Protect your password

    Administration Regulation 6006 specifically prohibits the sharing of login credentials. Never provide your password to anyone: not your coworker, not your boss, not ITS.


    Don’t be a victim of phishing!

    Forward all suspicious emails to Report a Phish. No one, not even ITS, should ask for your password or send emails or texts soliciting you to log in with your account. If someone does, they are phishing. If you do give your password to someone, immediately change it in the Viking Portal.