Cybersecurity Basics: Phishing and Email Scams

by

Starting this fall, email messages sent from outside our email system will be tagged with the following notice:

CAUTION: This message originated from outside the Georgia Highlands College student email system. Exercise caution with links and do not open or preview unsolicited attachments. Never send your Social Security Number, driver’s license, federal ID, or bank account/credit card information to anyone by email.

 

Don’t rely solely on the presence of this warning to determine if a message is legitimate! Phishing e-mails often contain convincing logos, links to actual company websites, legitimate phone numbers, and e-mail signatures of actual employees. However, if the message is urging you to take action — especially action such as sending sensitive information, clicking on a link, or downloading an attachment — exercise caution and look for other telltale signs of phishing attacks such as:

  • The sender’s email address does not match the person in the message signature
  • The message appears to be from a GHC employee, but the sender’s address does not end in “@highlands.edu”
  • Poor grammar, spelling, or an overall strange and unnatural use of language
  • Messages that create a sense of urgency, but appear very terse or lacking details
  • Account “re-verification” or mailbox quota warnings
  • Requests for personal information
  • Unsolicited attachments

In the phishing message example below, we see an unfamiliar sender (someone that does not appear in GHC’s global address book or online directory) attempting to create a sense of urgency with the subject line. The message body is full of capitalization errors and contains obviously suspicious links. It’s also important to never take a link at face value. Always hover your mouse cursor (or tap and hold on a mobile device) to see a link’s real address.

It is vitally important that everyone remains vigilant for email threats and scams. Don’t assume that you won’t be targeted or that exposing your login information just means you’ll just have to change your password. Any single GHC email account compromise can be used by criminals to gain access to your financial aid, attack other student and employee accounts, spread malicious software to college computers, send spam across the Internet, and may present legal and regulatory risks to the institution.

Please continue help us to improve our email monitoring by reporting suspicious email to rt@highlands.edu and always remember: When it doubt, throw it out!