Security

Phishing Simulation Project

Phishing Simulation Project

Hofstra University is continuously raising awareness on Information Security. Beginning in October 2014, the Information Technology Department will periodically send phishing email simulations to help hone skills in recognizing phishing emails. If you handled the phishing email correctly, you may not even know you received it! If you fall for the simulated phishing email, you will be re-directed to tips on how to recognize phishing emails.

Want to see whether or not you clicked through one of the simulation phishing emails? Click here to see a list of what we have sent out so far!

What is Phishing?

Phishing can be defined as a type of social-engineering attack, usually by email, designed to steal your information. Cybercriminals also use social engineering to convince you to install malicious software or hand over your personal information under false pretenses. They might email you, call you on the phone, or convince you to download something off of a website.

Spam vs. Phishing – What’s the Difference?

  Spam Phishing
What is it? Usually advertising of some kind. Spam emails are annoying, but generally harmless. Malicious in nature. It is an attempt to steal information from you.
What’s in it? It is not trying to get you to click a link, open an attachment or to take any other action. Usually sounds urgent and has a call to action. It wants you to click on a link to either a website to get your username or password, or a link to malware. A phishing email can also ask you to download and open an attachment, usually containing malware. In both scenarios, malware can take over your machine without your knowledge. Learn more about Phishing Indicators below.
What can I do about it? You can choose to block a sender by right-clicking on the email and selecting Junk, then choose Block Sender or Junk E-mail Options. If you have ANY suspicions about an email, forward it to phishing@hofstra.edu. Do not click on any links or open any attachments.

Phishing Indicators: How to recognize a phishing email

Click on the below infographic that provides tips on how to recognize a phishing email. Source: SANS Institute.

Image
Image of PDF: Don't Get Hooked

 

How to Deal with Phishing Scams (sourcewww.consumer.ftc.gov)

  • Delete email and text messages that ask you to confirm or provide personal information (credit card and bank account numbers, Social Security numbers, passwords, etc.). Legitimate companies don't ask for this information via email or text.
  • The messages may appear to be from organizations you do business with -- banks, for example. They might threaten to close your account or take other action if you don't respond.
  • Don't reply, and don't click on links or call phone numbers provided in the message, either. These messages direct you to spoof sites -- sites that look real but whose purpose is to steal your information so a scammer can run up bills or commit crimes in your name.
  • Area codes can mislead, too. Some scammers ask you to call a phone number to update your account or access a "refund." But a local area code doesn't guarantee that the caller is local.
  • If you're concerned about your account or need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.

I received a phishing email. What should I do?

Send the suspected email as an attachment to phishing@hofstra.edu and delete the email immediately.

Tip: Instructions on how to send an email as an attachment.

I’m not sure if I received a phishing email. Who can I contact?

If you are not sure, contact the Help Desk at 516-463-7777 for assistance.