Email scams are a common problem and one of the major ways that computer viruses are spread. Email scammers try to collect personal information and access to victims’ accounts through a process known as “phishing.” To help thwart such scams, Georgia Tech’s Information Security (IS) department makes it their duty to educate the public about how to spot phishing, and most importantly, how to avoid becoming a victim.

IS breaks phishing down into three types. In the first, known as the “Old Fashioned Scam,” the scammer directly requests personal information or money from the victim, often by engaging in email conversations to gain trust. In the second type of phishing, scammers send out messages with seemingly innocent links or attachments which, if clicked, download viruses on the victim’s computer and allow the scammer to access personal information. In the third type of phishing, “Fake Website,” the scammer contacts victims under the guise of a trusted source like a bank or health care provider and presses the victim to enter username and password information.

To help the GT community avoid these scams, IS offers campus departments and organizations free anti-phishing training sessions conducted on site upon request. Or campus units can opt for experiential training by participating in a “practice” phishing session, in which faculty and staff receive a mock phishing email from IS that imitates the real thing.

IS also suggests that computer users check the address of any emailed website link before clicking on it. Verify contact information to ensure that the sender and link are legit. If you aren’t sure, call the company or person who sent the email to find out if they actually sent it.

“Georgia Tech continues to implement technical solutions to prevent the bad guys from penetrating our networks and systems,” states Jimmy Lummis, Information Security Policy and Compliance Manager for IS. “The bad guys have switched tactics and are now focusing on manipulating our users into providing the information they’re after. Phishing is now the biggest cyber threat we face on campus, and user education is the only effective means of combating the threat. Reducing the rate of compromised accounts from phishing would greatly improve the Institute's risk posture.”

For more information on phishing and the ways to avoid it, visit www.security.gatech.edu. To find out about anti-phishing training, contact Jimmy Lummis at jimmy.lummis@oit.gatech.edu.