{"186171":{"#nid":"186171","#data":{"type":"news","title":"Don\u2019t Be Fooled by a Phishing Email Scam","body":[{"value":"\u003Cp\u003EWhen John Stein, dean of students, received an email from an airline that was supposedly confirming a flight, it didn\u2019t even cross his mind that it could be a scam. \u0026nbsp; \u0026nbsp; \u0026nbsp;\u0026nbsp;\u003C\/p\u003E\u003Cp\u003E\u201cI was scheduled to travel right around that time, so it looked legitimate to me,\u201d Stein said. \u201cBut when I clicked on the link, nothing occurred. Something inside me made me forward it to our division Office of Information Technology (OIT) staff member, and I asked him if I\u2019d made a mistake.\u201d\u0026nbsp;\u003C\/p\u003E\u003Cp\u003EThe staff member told Stein that the email had been a phishing scam. The end result of clicking on the link in the email was that Stein didn\u2019t have access to his computer for an extended period while it was cleaned by OIT. \u0026nbsp;\u003C\/p\u003E\u003Cp\u003E\u201cA phishing email scam usually involves a bad guy trying to get an unsuspecting person to click on a harmful link and divulge sensitive information,\u201d said Jason Belford, principal information security engineer for OIT. \u201cThe problem is that these emails seem believable, and people make the mistake of doing what the email says.\u201d\u0026nbsp;\u003C\/p\u003E\u003Cp\u003EIn 2012, 169 campus users were victims of a phishing scam. In most cases, phishing emails \u0026nbsp;appear to be from a person or company the recipient knows and include a call to action. For example, some emails will instruct recipients to click on a link and provide information to ensure one of their accounts isn\u2019t deactivated.\u003C\/p\u003E\u003Cp\u003E\u201cOnce the bad guy has your Georgia Tech username and password, he can do everything from send an unflattering email to your boss to change the location where your paycheck is deposited,\u201d Belford added.\u0026nbsp;\u003C\/p\u003E\u003Cp\u003EThe good news is that knowledge is power when it comes to not being a victim of these scams. Belford offers the following tips:\u003C\/p\u003E\u003Cul\u003E\u003Cli\u003EVerify the links. Analyze the link provided in the email by hovering your mouse over it. (Smartphone users can hold a finger on the link to see this information.) If it is a Georgia Tech site, the domain will be\u0026nbsp;gatech.edu. If the link is from a company you do business with, the domain will be the company\u2019s name. For example, UPS is ups.com and Microsoft is microsoft.com.\u0026nbsp;\u003C\/li\u003E\u003Cli\u003ELook for \u201chttps.\u201d Make sure the URL starts with \u201chttps:\/\/.\u201d\u0026nbsp;\u003C\/li\u003E\u003Cli\u003ENever respond. Never respond to a phishing email. Simply report it and delete it. Forward any phishing emails (as attachments) to phishing@gatech.edu.\u0026nbsp;\u003C\/li\u003E\u003Cli\u003ETrust your instincts. If something doesn\u2019t seem right, it\u2019s probably not. Don\u2019t make excuses as to why something could be valid. When in doubt, you can always ask your computer support representative for advice.\u003C\/li\u003E\u003C\/ul\u003E\u003Cp\u003E\u201cMy advice to anyone is to always err on the side of caution \u2014 no matter how legitimate something looks,\u201d Stein said. \u201cChecking with an OIT staff member first can potentially save you many hours of disruption.\u201d\u003C\/p\u003E\u003Cp\u003EOIT also offers a few training opportunities to help educate faculty and staff about phishing and how to avoid becoming a victim. One option is a 15-minute anti-phishing training session, which any campus unit can request.\u0026nbsp;\u003C\/p\u003E\u003Cp\u003EUnits may also participate in OIT\u2019s fake phishing exercise where a scam email is sent to faculty and staff. If a person responds to the email with their username and password, he or she receives an immediate message stating that had the email been an actual phishing attempt, \u201cbad guys\u201d would have the employee\u2019s account information.\u003C\/p\u003E\u003Cp\u003E\u201cIf you respond to the fake email and receive our response message, don\u2019t worry \u2014 you won\u2019t get in trouble,\u201d Belford said. \u201cWe\u2019re just trying to reach out to people who are confused about which emails are legitimate and which emails aren\u2019t, before it\u2019s too late.\u201d\u003C\/p\u003E\u003Cp\u003EContact Belford at \u003Ca href=\u0022mailto:jason.belford@oit.gatech.edu\u0022\u003Ejason.belford@oit.gatech.edu\u003C\/a\u003E for more details about either of these training options. For more information about phishing, click \u003Ca href=\u0022http:\/\/oit.gatech.edu\/content\/information-security\u0022\u003Ehere\u003C\/a\u003E.\u0026nbsp;\u003C\/p\u003E","summary":null,"format":"limited_html"}],"field_subtitle":"","field_summary":[{"value":"\u003Cp\u003EWhen John Stein, dean of students, received an email from an airline that was supposedly confirming a flight, it didn\u2019t even cross his mind that it could be a scam.\u0026nbsp;\u003C\/p\u003E","format":"limited_html"}],"field_summary_sentence":[{"value":"When John Stein, dean of students, received an email from an airline that was supposedly confirming a flight, it didn\u2019t even cross his mind that it could be a scam."}],"uid":"27445","created_gmt":"2013-01-23 14:02:32","changed_gmt":"2016-10-08 03:13:29","author":"Amelia Pavlik","boilerplate_text":"","field_publication":"","field_article_url":"","dateline":{"date":"2013-01-21T00:00:00-05:00","iso_date":"2013-01-21T00:00:00-05:00","tz":"America\/New_York"},"extras":[],"hg_media":{"186011":{"id":"186011","type":"image","title":"Phishing Email Scam","body":null,"created":"1449179081","gmt_created":"2015-12-03 21:44:41","changed":"1475894833","gmt_changed":"2016-10-08 02:47:13","alt":"Phishing Email Scam","file":{"fid":"196152","name":"at_laptop.jpg","image_path":"\/sites\/default\/files\/images\/at_laptop_0.jpg","image_full_path":"http:\/\/hg.gatech.edu\/\/sites\/default\/files\/images\/at_laptop_0.jpg","mime":"image\/jpeg","size":1096426,"path_740":"http:\/\/hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/images\/at_laptop_0.jpg?itok=ncR5r1Ik"}}},"media_ids":["186011"],"related_links":[{"url":"http:\/\/oit.gatech.edu\/content\/information-security","title":"Information Security"}],"groups":[{"id":"1259","name":"Whistle"}],"categories":[{"id":"129","name":"Institute and Campus"}],"keywords":[{"id":"37611","name":"email scams"},{"id":"9299","name":"Office of Information Technology"},{"id":"4112","name":"oit"},{"id":"8111","name":"phishing"},{"id":"167055","name":"security"}],"core_research_areas":[],"news_room_topics":[],"event_categories":[],"invited_audience":[],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[{"value":"\u003Cp\u003E\u003Ca href=\u0022mailto:amelia.pavlik@comm.gatech.edu\u0022\u003EAmelia Pavlik\u003C\/a\u003E\u003Cbr \/\u003EInstitute Communications\u003Cbr \/\u003E\u003Cbr \/\u003E\u003C\/p\u003E","format":"limited_html"}],"email":[],"slides":[],"orientation":[],"userdata":""}}}