Phishing: How to Protect Your Computer

What is phishing? Phishing email messages are emails designed to steal your identity. They ask for personal data, or direct you to Web sites or phone numbers to call where they ask you to provide personal data. Today it is the most common attack vector in trying to compromise a computer system.  A simple e-mail message causes more damages to computer systems and fraud around the world than anything else.  In the past week alone, state government has had 3 individuals forfeit their computer credentials via phishing messages and resulting in compromised systems.  Fortunately, defense systems identified the compromise before permanent damage was inflicted.  We might not always be so lucky, though.  Phishing messages appear every day in our system and we need to recognize them when they appear.

Phishing e-mail messages take a number of forms:
  • They might appear to come from a friend, colleague, business you regularly do business with, or from social networking site.
  • A variant called spear phishing is a targeted form in which an e-mail message might look like it comes from your employer, or from a colleague who might send an e-mail message to everyone in the organization, such as the head of human resources or I/T.  They are more specific in that the topic of discussion is specific to an interest of yours.
  • They might ask you to make a phone call. Phone phishing scams direct you to call a customer support phone number. A person or an audio response unit waits to take your account number, personal identification number, password, or other valuable personal data. The phone phisher might claim that your account will be closed or other problems could occur if you don't respond.
  • They might include official-looking logos and other identifying information taken directly from legitimate Web sites, and they might include convincing details about your personal information that scammers found on your social networking pages.
  • They might include links to fake Web sites where you are asked to enter personal information.
While as much as 50% of email received by the State gets filtered and quarantined as phishing or in some way infected, there are many which still get through. Many times it is due to the spammers changing the “from” address so that our filters can’t keep up. BIT will continue to maintain effective filters to prevent as many harmful messages from getting through as possible.
For the few malicious messages which do end up being delivered to State users, we have created the following mailbox for your use:
Report Spam (Listed on Global Address List) or
All messages emailed to this address will be monitored and reviewed by BIT to better protect and safeguard the State’s users and data. We continue add web sites to our blocked list every week. Messages appearing to be harmful or dangerous will be blocked from that point on so that further messages of that type will not be delivered.
If you ever have questions or doubts in regards to a message, phone call or technology request – do not hesitate to contact BIT for assistance. We are always willing to answer questions. Please be aware, BIT will never ask you for your username and password, or any other personal information, via email. Again, if you receive a message that appears to be offensive or dangerous, or desiring personal information from you, please remember to forward it to the above address or call the BIT Help Desk at 773-4357.
Parts of this notice were taken from Microsoft advisories

Popular Posts