As security technology continues to advance, 人类成为 the most vulnerable part of an organization. 然而, 与 a little knowledge 和 a careful eye, you can make yourself harder to crack than any password. 

Cyberattackers often try to trick people into installing malicious software by:

  • Disguising it as a useful update. 
  • Phishing: impersonating legitimate organizations or people via emails or text messages to trick users into clicking bad links, installing malware or sharing personal information.

Common warning signs of phishing

  • Offers that are too good to be true, for example: “You’ve inherited $300 million. 请寄49美元送货费.” 
  • 紧急的, alarming or threatening language such as: “Failure to comply 与in 48 hours might lead to permanent shutdown.”  
  • Poorly crafted writing 与 misspellings 和 bad grammar: “We will play info we hold about you, so you ca be sure this is a genuine request.” 
  • Requests to send personal information: “To re-validate your account please provide your email address, 用户ID和密码.” No legitimate organization will ever ask for your password via email. 
  • Unexpected or unfamiliar attachments or hyperlinks, especially ones that don’t lead where they say they will. Most mail clients will let you verify where a hyperlink goes 与out actually clicking on it Specific methods vary between mail clients, but a common method is to hover your mouse pointer over the link. 
  • Strange or abrupt business requests such as: “I’m stuck in a meeting, but I need you to make an urgent payment to our client’s new bank account ASAP or they won’t deliver on time.” 
  • Bizarre or unprofessional subject lines, for example: “MESSAGE FROM C.E.或“注意:我亲爱的朋友。.” 
  • The sender’s email address 不 match the person or company purportedly sending the email. For example, an email from an 密歇根州立大学丹佛 colleague where the sender’s address ends in “(电子邮件保护),而不是“@msudenver”.“Edu”应该引起警惕.

New phishing 和 junk email reporting 

Previously, 密歇根州立大学丹佛 users were encouraged to 向前 suspicious or spam messages to (电子邮件保护) 审查. 然而,这种方法 is 过时的 接口 现代 保安及电邮 技术 

而不是, users should report phishing or junk messages using the built-in reporting functionality in Office 365. The exact method will vary depending on how you access your email:

  • Outlook Web应用程序(电子邮件.qingzhuan.net): 
    • Right-click the offending email. 
    • 选择“报告”.
    • Select “Report phishing” or “Report junk” as appropriate. 
  • Outlook移动应用 
    • 突出显示违规邮件.
    • Tap the three dots in the upper-right. 
    • 选择“报告垃圾”. 
    • 选择“网络钓鱼”. 
  • Outlook桌面应用 
    • 打开恼人的邮件. 
    • Click the Report Message button in the top ribbon. 

有了这个变化, information on phishing attacks 和 campaigns will be collected faster, more efficiently 和 in greater technical detail, which will enable the University’s security team to better identify 和 respond to potential threats. Please note that reported messages will no longer be responded to unless additional information or action is required from the reporting user. 

If you suspect you’ve received a phishing email: 

  • 阻止发送者. 
  • Report the phishing attempt using this new method. 
  • 删除邮件.  

This is part of a series of articles for Cybersecurity Awareness Month 2023. 密歇根州立大学丹佛 is proud to support the 20th year of this far-reaching online safety awareness 和 education initiative, which is co-led by the National Cyber Security AllianceCybersecurity 和 Infrastructure Agency (CISA) of the U.S. Department of Homel和 Security. For more information about Cybersecurity Awareness Month 2023 和 how to participate in a wide variety of activities, 访问 staysafeonline.org/cybersecurity-awareness-month/.