Click Wisely
Be cautious of unexpected emails containing links, attachments or unusual requests.
Phishing is a type of social engineering attack in which the attacker impersonates someone else via email to trick you into revealing sensitive information, installing malware, or performing other actions that compromise security. The goal is to steal your personal information or money. Harvard Information Security identifies and blocks millions of phish every week. Here are some strategies you can use for the ones that slip through.
When we receive a suspected phishing email, we check it out to determine the risk. If it is a phishing attack, we may take any of the following steps:
- Breaking dangerous links so they don't connect to unsafe webpages
- Blocking malicious files from being delivered to inboxes in the future
- Escalating the report to our security operations team to investigate compromised systems or accounts
Phishing can come in many different forms, from obvious-to-spot frauds to sophisticated deceptions, but they share some common characteristics. Before you take action, consider if the message you are reading contains these attributes.
- Does this make me feel anxious and reactive?
- Am I being asked to do something new, or do something normal but in a new way?
- Will resolving this require providing a password, money, or data?
Revealing the Address
Desktops
Hover your pointer over a link without clicking. The address will pop up in a box at the bottom of the window or next to your pointer, depending on your browser.
Mobile Devices
Press a link and hold it until the link appears in a pop-up box. In most cases, you will be given the option to follow the link, copy it, or open it in a new tab.
When you click a link, your browser connects to the link's address. Phishing attacks often use links that look very close to legitimate ones to trick you. Legitimate partnerships may use the Harvard name in their links, but attackers can as well. Treat these links with caution. Misspellings should never be trusted.
Be wary of clicking links sent via email or text. Open a browser and directly type the legitimate address of the website you want to visit.
Harvard Addresses
Non-Harvard Addresses
Targeted Phishing Address
Verify the Sender
Look Closely at the Sender’s Email Address
Phishing emails often come from look-alike email addresses designed to impersonate friends and co-workers. By default, Outlook and Gmail only show the display name of the sender. To read the full email address, try the following:
Mobile device? Tap the sender’s name.
Computer? Hover the mouse over the sender’s name.
Imposters will use addresses that look like the real thing but are a bit off. If you aren't sure, contact the sender via text, phone, or a different, trusted email address to confirm the message's validity.
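The link and sender checks described above can also be written out as code. The Python example below is added here and is not Harvard's own tooling; it assumes harvard.edu is the genuine domain, and every sample link and address is constructed under the reserved .example domain.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "harvard.edu"  # assumption: the genuine domain to compare against
BRAND = "harvard"               # the name a look-alike borrows or misspells

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(value: str) -> str:
    """Return the domain of a link, or of the address behind a sender's display name."""
    if "://" in value:
        host = urlsplit(value).hostname or ""
    else:
        addr = parseaddr(value)[1]  # drops the display name, keeps the real address
        host = addr.rpartition("@")[2] if "@" in addr else ""
    return host.lower().rstrip(".")

def classify(value: str) -> str:
    host = host_of(value)
    if not host:
        return "no-domain"
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return "harvard"
    if BRAND in host:
        return "uses-name"    # Harvard name on another domain: treat with caution
    parts = [p for label in host.split(".") for p in label.split("-")]
    if any(edit_distance(p, BRAND) <= 2 for p in parts):
        return "misspelling"  # close to "harvard" but not it: never trust
    return "other"

# Constructed samples; .example is a reserved domain that never resolves.
SAMPLES = [
    "https://www.harvard.edu/apply",
    "https://harvard.edu.account-check.example/login",
    "https://www.harvrad.example/reset",
    '"Harvard IT Help" <helpdesk@harvrad.example>',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):12} {s}")
```

The last sample shows why the display name alone is not enough: the name reads "Harvard IT Help", but the address behind it sits on a misspelled domain.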
Services
If you receive an unexpected email about a lost package, security warning, or billing change, don’t click the link. Simply visit the online store or service the way you normally would. If there is really an issue, you’ll see a notification there.
People
If you receive an out-of-the-ordinary request or instruction from someone you know, make sure it’s really them. Call, text, or go face to face. Don’t email to confirm, as their email may be compromised without them knowing.
News/Entertainment
If someone sends you a link to the latest viral video or interesting bit of news, you can skip the link and use a search engine to find the content in a safer way.