Beware Recent Spear Phishing Attack
September 11, 2018
Many of you may have received an email this morning that appeared to have come from Long Beach City College’s Superintendent-President. This particular type of phishing attempt is referred to as spear phishing because it is uses social engineering to target an individual or, in this case, a specific group of people.
Spear phishing can be very convincing. In this case, the message contained enough generic employee/policy related content that some might have mistaken it as legitimate, especially in light of a signature line using the Superintendent-President’s name and title. However, there were two main indicators divulging the message’s fraudulent nature – the sender address was clearly not associated with the Superintendent-President, and the recipient was asked to open a PDF that contained a link to an external site.
This is an excellent time to review the following basic red flags of a phishing message. Typically, you will find more than one of them in any given attempt.
- Unknown sender addresses.
- Unknown or unrecognizable links within the email.
- Uncommon attachments (not a PDF, DOC, etc.).
- Attachments that ask you to click on buttons or links to perform the action specified in the email (access documents, login, change password, etc.).
- Threats of termination, account suspension, etc.
- Bad spelling/grammar.
- Although it claims to have come from Office 365, Microsoft, etc., something about the message just doesn’t look right.
Another important reminder: be aware of phone phishing (vishing). It is not uncommon to get calls from people claiming to be from Microsoft, the IRS, etc. These are just scams to hijack your computer, pressure you into giving them money, etc.
IITS encourages you to read more on how to recognize phishing attempts where you can also view short video and take a short quiz.