NOTE: It is important to read both sections of this article to understand the true dangers of phishing. The first section is a refresher, while the second reveals details of which you may not have been previously aware.
Phishing
Phishing is an attempt to harvest information from you that you would not share under normal circumstances. They grab names and images from sites to craft e-mails that look believable, but fail on some basics if you know where to look.
The three keys to identifying phishing scams are as follows:
- The e-mail appears to be from a reputable user and contains logos that give it that real feel. If you look closely at the sender, greater than 90% of them are not from the domain hvcc.edu.
- They ask for something that no one should ever ask you for and which you should never openly reveal. Your password. ITS does not need it.
- They use fear to compel you to haste. If you do not act in the next 72 hours…
The bottom line is they want your information and will use any tactic to get it, whether they ask directly in e-mail or lure you to another web site through a link in the e-mail.
Why do they want it? Because they can use you as a spam warehouse. But wait, there’s more.
Single Sign-On (SSO)
There are many facets of authentication. Over the years it has become necessary to remember many passwords. Technology has come to the rescue, once again, to alleviate some of this. Enter Single Sign-On (SSO). I will not bore you with the details of how it works, but suffice it to say it equates to the Tolkien one ring to rule them all model.
This should give you pause since providing your password to phishers means they can gain access to more than your e-mail. That’s right. Should the phishers become smarter, they will realize they have access to WIReD, Blackboard, SSL-VPN (H: Drive) basically anything to which you have access with that set of credentials.
Consider this very carefully. Many of us wield great power with our user credentials.
Stay safe.
Published: Fri, 03 Oct 2014 12:28:45 +0000 by w.jojo