Spam and Phishing
What is Phishing?
A phish is a type of cyber-attack which is made to look as though it's from a friend, a business or an organization. The attempt can come from a fake email address that may be only one or two characters different from the real account, or it can come from a real account that has already been compromised. Among the many entities from which a phish pretends to originate, a phish can be made to look like an official email, phone call, or text message. These phishing attacks are designed with two main focus’s in mind; Acquire sensitive information, or scam individuals into giving the Cybercriminal money. Regardless of the type of phishing attack, all attacks will typically attempt to link you to an external website, or ask you to send them information. Once attackers possess your sensitive information, they may be able to gain access to your account. In other words, you will not see any change to your account and will not know that there is someone else accessing your information.
Please see the below definitions for more phishing information.
Vishing (Voice or Phone based phishing attempt)
Vishing refers to phishing attacks that involve the use of voice calls, using either conventional phone systems or Voice over Internet Procotol (VoIP) systems.
Smishing (SMS or Text based phishing attempt)
Smishing (sometimes stylized as SMiShing) refers to phishing attacks that involve the use of messages sent using SMS (Short Message Service). False text messages are received by would-be victims, who in turn either reply directly or visit a phishing web site.
Whale Phishing (Phishing against Company Executives, wealthy, or powerful individuals)
A term used to describe a phishing attack that is specifically aimed at wealthy, powerful, or prominent individuals. Because of their status, if such a user becomes the victim of a phishing attack he can be considered a “big phish,” or, alternately, a "whale."
Spear Phishing (individual targeted phishing attempt)
A phishing method that targets specific individuals or groups within an organization. It is a potent variant of phishing, a malicious tactic which uses emails, social media, instant messaging, and other platforms to get users to divulge personal information or perform actions that cause network compromise, data loss, or financial loss. While phishing tactics may rely on shotgun methods that deliver mass emails to random individuals, spear phishing focuses on specific targets and involve prior research.
A typical spear phishing attack includes an email and attachment. The email includes information specific to the target, including the target's name and rank within the company. This social engineering tactic boosts the chances that the victim will carry out all the actions necessary for infection, including opening the email and the included attachment.
What is UW-Parkside doing about this?
More than half of all email received by any organization is "spam". UW-Parkside utilizes state-of-the-art filters that use algorithms to remove known or suspicious unwanted emails. The sensitivity of these filters can be adjusted, however adjusting it too high increases the risk that legitimate emails may not get delivered to you. If you and your colleagues receive similar spam emails, please advise the TechBar. IT staff can then run a process to remove such spam emails from email accounts. Because of the effort and risk involved, this is typically only done when a high number of users are affected.
CTS recommends that you do not open any emails from individuals that you do not know. If you receive an email from a professor or an official UW Parkside employee asking you to purchase gift cards or to mail them money, do not oblige their requests. A UW Parkside employee will not make such requests through electronic means. Please use your own judgement and due diligence in researching who the particular UW Parkside Employee is to verify their legitimacy.
CTS does not have any vision or control over personal email or cell phones. If you receive a phone call or text message from an unknown source, we suggest not answering that email or phone call.
If you become a victim to phishing we suggest that you please follow our guidelines on How to Report a Cyber Incident.