Portland Community College | Portland, Oregon

Phishing

Posted by matthew.brehm15

We have all experienced receiving an unwanted email from a malicious actor, attempting to scam or otherwise trick us into providing personal information. These types of attacks are called Phishing Attacks. Attackers, ranging from individuals to well organized groups, will send out mass malicious emails to try and “fish” for targets to infect with malware, or trick into providing sensitive information. These messages often appear to come from legitimate entities, organizations you have worked with in the past, and even those we work with who hold positions of authority.

Sometimes, these attackers will target specific individuals who are known to have privileged access or highly sensitive information with extremely convincing, complex, and customized scams. These highly-targeted phishing attempts are called Spear Phishing Attacks.

PCC’s Information Security team takes a number of precautions to prevent these types of attacks from reaching your inbox, but technological controls alone are not enough. Having a well informed community who are able to recognize scammers and other malicious parties is the most important preventative measure to stop these attackers in their tracks.

Here are some tips to help protect yourself and the PCC community from phishing attacks:

• Verify the identity of the sender. This is especially important when an email arrives unsolicited, or if the sender appears to be an individual in a position of authority.
• Before clicking a link (including Google Drive share links) or downloading a file, check for red flags such as the website address matching what is expected. You can always contact the other party yourself by using Google or calling them at a known number instead of clicking a potentially risky link.
• Never provide your password or other sensitive data to an unsolicited email.
• Additional tips from Google to identify phishing.

If you receive a suspicious email, you can use the Google tools to mark the message as “Spam” or “Phishing”. Marking an email as phishing within Gmail will immediately create a Service Desk ticket that is routed to our Information Security team. Messages marked as spam also alert our Google Administrator and Information Security team.

Finally, it is worth noting that these malicious parties can be creative with their attacks. Even the most savvy person can be taken advantage of. If phishing didn’t work, then malicious actors wouldn’t use this type of attack. The most important thing is to work immediately with Information Security to stop the attacker before more harm to PCC and you can occur. If you believe that you have been involved in a phishing attack, immediately reach out to the Service Desk.

Phishing attacks are extremely common. According to Retruster, 90% of cyber attacks in 2019 were caused by phishing. Keeping an eye out for malicious actors and working together to keep them from attacking PCC helps create a safe and welcoming environment for all.