IT Security is here to help MC employees!
When in doubt, report suspicious emails by clicking the Report Phishing button, available both in Outlook and in Office 365 (on the web or mobile device). Reported emails are analyzed by trained IT staff, and, if found to be legitimate, are returned to the user with an explanation. It is always safer to report than to gamble with your account security.
Look for these clues to spot a phishing attack:
Urgency: The message urges you to act quickly before something bad happens. It may threaten that your account is about to expire, or that you may face legal consequences if you don’t act immediately. Beware: the attacker wants to rush you into making a mistake.
Pressure: The message pressures you to bypass or ignore policies or procedures at work. Always follow College procedures.
Curiosity: The message invokes a strong sense of curiosity or promises something that is too good to be true.
Sensitive: The message includes a request for sensitive information, such as a credit card number, password, vendor identification, or any information that you are just not comfortable sharing.
Official: The message says it comes from an official organization, but (1) has poor grammar or spelling, or (2) comes from a personal email address, such as @gmail.com or @hotmail.com. If you are not sure whether a message is legitimate, call the organization to double check, but use a trusted phone number, such as one from their website—not contact information provided in the email itself.
Impersonation: You receive a message from a friend or co-worker, but the tone or wording does not sound like them. If you are suspicious, phone the sender to verify they sent the message. It is easy for a cyber attacker to create messages that appear to be from someone you know. In some cases, they can take over one of your friend’s accounts and then pretend to be your friend when reaching out to you. Be particularly aware of emails that appear to be from your supervisor, asking you to purchase gift cards: this is a scam.
Take the required Data Security training available through MC Learns.
Data Security@MC training is available now! Staff and faculty must complete this by June 30, 2020, but take the training today and get ahead of the curve. This online training provides tools and knowledge to better protect personal MyMC data and College business data. Broken up into convenient modules, it takes only about 35 minutes to complete. Don’t fall prey to cyber attack: use this opportunity to strengthen your defense (and the College’s defense) to data security threats.