Our digital world is constantly under threat. These threats range from stolen passwords and installed ransomware to being tricked into handing over sensitive information that will be used against you. Here you will find the latest definitions, trends in the latest attacks, training material and best practices to keep you safe.
What’s out there?
Phishing – the art of disguising email or other types of digital communication
The most popular and unfortunately easiest attack is Phishing. You receive an email/text/etc. that looks like something you trust. You are instructed to click on a link which leads to a web page that looks exactly like a resource you use such as checking email or checking bank account information. You enter your user name and password and hit submit. At the speed of light your information is gathered, sold and stored indefinitely.
Vishing – Phishing using the power of voice
Vishing is the same concept as phishing, but involves a phone call. These calls can be in the form of robocalls, but the most successful attempts will come from real people. They pose as a school, business, trusted vendor, or something else you may be familiar with. They will try to obtain bank account, credit card or information relating to MMA.
Smishing (SMS Phishing) – Phishing with text or Direct Message
Smishing is the same concept as phishing, but involves texting or some type of direct digital messaging. The number or source may appear to be from a trusted party, but the goal is to get you to respond with personal information. A common tactic is posing as someone close to you claiming they have a new phone number. In turn they ask for all types of personal information.
Ransomware – holding your data hostage
Ransomware is a piece of software that locks or encrypts your files. You are given the option to pay in exchange for a key that will unlock or decrypt your information. Ransomware is distributed by phishing or installing software from an unknown source.
What should I do? Best Practices and how to report
In the case of Phishing
First, slow down. Take your time when reading email. Next, always ask the following questions:
- Are you expecting this type of email?
- Is this coming from outside of the academy?
- Is this email really from who it says it’s from?
The “from” name and email address are extremely easy to change, which allows imitation of someone else. Compare the name and @ address. If something doesn’t seem right, report it.
For the adventurous, looking at email headers
An email header (or sometimes listed as “Internet Header”) will provide you the exact source of the email. Finding this header varies with different email programs. For our Outlook client users, go to File->Properties and look for “Internet Header”. In that mess, you will find the “From” field. Does that match up?
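The header check described above, as an added Python example that is not from the original page: it takes pasted header text and lists reasons the From line does not match up. It goes slightly beyond the From field by also comparing Reply-To, Return-Path and the Authentication-Results verdicts; `header_warnings`, `domain_of` and every sample domain are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of pasted "Internet Header" text; every name, domain and
# IP address below is made up (reserved example ranges), not real mail.
SAMPLE_HEADERS = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.25])
    by mx.example.edu; Mon, 01 Jan 2024 10:00:00 -0500
From: "helpdesk@example.edu" <notice@account-verify.example.net>
Reply-To: it-support@mail.example.org
To: student@example.edu
Subject: Your password expires today
Authentication-Results: mx.example.edu; spf=pass
    smtp.mailfrom=mailer.example.net; dkim=none;
    dmarc=fail header.from=account-verify.example.net
"""


def domain_of(address):
    """Return the lowercased part after the last '@', or '' if there is none."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def header_warnings(raw_headers, home_domain):
    """List reasons the From line deserves a second look (hypothetical helper)."""
    msg = message_from_string(raw_headers)
    name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)
    warnings = []
    if from_dom != home_domain.lower():
        warnings.append(f"external sender: {from_dom or 'unparseable From'}")
    # A display name that is itself an address can hide the real @ address.
    if "@" in name and domain_of(name) != from_dom:
        warnings.append(f"display name shows {name} but address is {from_addr}")
    # Replies and bounces going to another domain than From is worth a look.
    for field in ("Reply-To", "Return-Path"):
        dom = domain_of(parseaddr(msg.get(field, ""))[1])
        if dom and dom != from_dom:
            warnings.append(f"{field} domain {dom} differs from From domain")
    # Verdicts recorded by the receiving server, when it adds this header.
    results = msg.get("Authentication-Results", "")
    for check, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results):
        if verdict.lower() in ("fail", "softfail"):
            warnings.append(f"{check} {verdict}")
    return warnings


if __name__ == "__main__":
    for line in header_warnings(SAMPLE_HEADERS, "example.edu"):
        print("-", line)
```

A warning here is a reason to report the message, not proof of phishing: legitimate mailing services often use a different Return-Path domain.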
KnowBe4 and reporting suspicious email
MMA utilizes cybersecurity training and testing services from KnowBe4 (https://www.knowbe4.com/). This allows us to keep our community trained and on their toes when using email. Included is a Phish Alert button that appears in your email. Use this button to report suspicious email directly to our IT department.
How to use KnowBe4 (PDF)
In the case of Vishing or Smishing
Trusting caller-ID and who is on the other line is a thing of the past. If an unfamiliar person is requesting school, bank, credit card information or anything else too personal, don’t be afraid to question why or just hang up. If it’s a text, call them back directly. Still unsure? Submit a helpdesk ticket with the source phone number and who they are claiming to be, and we can look into it.
In the case of Ransomware
If you believe your device has been infected with ransomware, please visit our help desk with the troubled device or submit a ticket from a working device (https://helpdesk.mma.edu). We will guide you through the next steps.