Information Security Awareness - Phishing

Phishing: one of a cybercriminal's favorite tricks

As email became a tool for managing relationships with our employers, banks, stores, social networks and more, it also became a tool for criminals to gain access to our resources. Every day, flurries of criminal emails attempt to get people to disclose personal information like their passwords or credit card numbers - a process called phishing. The following steps tips can be used to avoid becoming a victim:

  1. Always check the sender’s address. If an email is not from an emory.edu or emoryheathcare.org address, but claims to be from Emory, it is probably not legitimate. Also, be aware that phishers may forge the sender’s address to make it look as though it came from Emory, even when it didn’t. Bottom line: If you’re asked to reveal any personal information via email, you should not respond.
  2. Watch where you are going. If an email directs you to a website, check the link before clicking it. Did you know that you can look at the address of a link in your email before you click on it? Most email programs will display the address if you hover your mouse over the link. One strategy is not to click on email links at all and instead go to the site directly. An example would be a message from your bank asking you to go to its website. Rather than clicking the link provided in the email, just type the bank’s address into your browser manually. Note that phishers often make fake websites that look like the real thing. Always check the address bar of your browser to make sure you are visiting the site you think you are visiting.
  3. Never enter your user ID or password unless you have initiated the action. Entering your user ID or password to log on to a legitimate system is fine. However, you should never enter your credentials if requested in an email.
  4. Remember: No Emory employee, even from IT, should ask you for your user ID and password. If an email asks you for this information, delete it!
  5. If you think your user ID and/or password have been compromised, change your password immediately. 

Emory Healthcare: Go to the password reset tool, located on the Emory Healthcare intranet under the Quick Links section.

Emory University: Visit My Password. Login and select the “Passwords” link.