Data Privacy & Security Service Digital Digest Spring 2017

Data Privacy & Security Service

Issue 8

PHISHING ATTACKS – ARE YOU AT RISK?

Article by New York State Office of Information Technology Services:

One of the most common online scams is called phishing. Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by masquerading as a trustworthy entity. Online scammers will pose as legitimate businesses, organizations or individuals. If they are able to gain the trust of their victims, they can leverage this trust to convince victims to willingly give up information or click on malicious links or attachments. Online scammers can make their communications appear to be those of legitimate businesses or organizations by spoofing the email address, creating a fake website with legitimate logos, and even providing phone numbers to an illegitimate customer service center operated by the scammers.

In This Issue

Page 1:
• Phishing Attacks – Are You at Risk?

Page 2:
• Phishing Attacks (Continued)
• Attack Your Friends to Save Your Data
• Schools Are Not Immune from Phishing Attacks

Page 3:
• Parental Consent, Opting-In and Out
• The LinkedIn Phishing Attack: How They Did it
• Comptroller’s Corner

Page 4:
• A 10-Digit Key Code to Your Private Life: Your Cellphone Number
• Products for Parents
• How Well do you Know Texting Lingo?

Page 5:
• A Not So Funny Accidental Order
• Recent Data Breaches
• NY District Targeted by Phishing Attack

Two common types of phishing attacks:

• Phishing Email – One of the best known forms of phishing is an email scam. An email, purporting to be from a popular company, may ask you to click on a link in order to fix a problem with your account. In other instances, the email message may threaten to close your account if you do not respond. Scammers often use threats that your security has been compromised in order to increase the likelihood that the recipient will respond.

• Spear Phishing - Spear phishing is a personalized email attack in which a specific organization or individual is targeted. These attacks are prepared using information about an individual to make the email appear to be legitimate and induce the recipient to divulge sensitive information or download a malicious file. Such preparation is often based on extensive information gathering on the targets and has become one of the favored methods used in cyber espionage.

Phishing scams can be difficult to identify; however, being aware of the threat and being vigilant in examining emails can reduce the risk that you will fall prey to such an attack.

Recommendations:

• Be cautious about all communications you receive, including those that purport to be from "trusted entities." Be careful when clicking any links contained within those messages. If in doubt, do not click.

• Do not send your personal information via email. Legitimate businesses will not ask users to send sensitive personal information through email.

• Keep an eye out for telltale signs - poor spelling or grammar, the use of threats, or a URL that does not match that of the legitimate site.

• Be wary of how much information you post online. The less information you post, the less data you make available to a cybercriminal for use in developing a potential attack or scam.

Questions to think about:

Where is your district data?

Who is responsible for data in your district?

Do those responsible for data know
