Phishing

Phishing

Phishing has quickly become one of the most common and effective attacks to compromise an organization's security and illegally access information and assets. These attempts to trick individuals into revealing private information have no end in sight, but following some basic guidance can help reduce the odds of becoming a victim:

  • Don't trust email from unknown senders and don't open their attachments.
  • If an email seems suspicious, verify the sender through trusted contact information.
  • Hover your mouse icon over hyperlinks to ensure the destination matches the URL.
  • Read the full destination URL when hovering over hyperlinks or when viewing a linked page.

If you think you may be involved in a phishing incident, contact the UWB-IT Service Desk for support.

Reading URLs

Speaking of checking the destination URL, how do we know a good URL from a bad one? Webpage URLs consist of multiple parts that compose the final destination, for example:

  • http://www.uwb.edu/
  • This is a good link! "UWB" is the second Level Domain and "EDU" is the top Level Domain
  • http://www.uw.b.edu/
  • This is a bad link! It has a 3rd level domain of "UW", a 2nd level domain of "B", and a top level domain of "EDU". So, this link would actually send someone to the website "b.edu", not "uwb.edu"

Now, what about this one:

  • http://www.uwb.edu.dll.ca/homepage.htm
  • This is a bad link! The top level domain is before the first slash " / " mark, so even though this URL contains the correct "UWB.EDU", it's actually a sub-domain site for website "DLL.CA".

These are just a few of the ways phishers attempt to trick people into trusting malicious webpages, it's up to everyone to remain vigilant and report phishing attempts when they're encountered.