Targeted phishing or spear phishing uses social engineering to get a person to reveal sensitive information. It creates a sense of familiarity by using information from social media and other sources, such as mentioning someone you know, an item you recently purchased, or credible information.
Protect yourself from phishing attacks by following these guidelines:
- If the email is unexpected, unsolicited, or out of context, be on alert.
- Keep calm and analyze the situation. It is a common ploy to play on emotions by using exciting or alarming email subjects like "Your account will be suspended" or "You have won US $20,000".
- Always check the email address, not the sender's name. In this example, the sender name displayed is CSB, but the email address is imaphisher@gmail.com.
- If you cannot avoid opening the email message, do not click on any links or clickable images inside it. These links/images are made to look like legitimate sites.
- To verify the email message, contact the sender through official channels: support email mentioned on Benilde websites, official Benilde social media accounts, Benilde directory, etc.
- Always keep endpoint protection software (formerly known as anti-virus) running in the background. You may use Microsoft Defender or any free endpoint protection solution for your devices.
- Report the phishing email by using the Report Phishing feature in Gmail. Click on the three dots icon at the upper right corner of the message window and click Report Phishing.
- Always trust your gut. If something feels out of place, don't open it.
Emails that are detected as phishing or spam messages are flagged by Gmail. In some cases, carefully crafted phishing emails may still slip through.
In some cases, legitimate but hacked accounts were used to send phishing emails. Ultimately, you are the last line of defense against social engineering, so don’t be fooled. If you suspect that your account has been compromised, contact Helpdesk right away.
Let's continue to keep each other cyber-safe!