We are InfoSec: Members of the Information Security team at KAUST IT
Our Mission: To enable you to be a Human Firewall by shielding yourself, your family and KAUST from today’s cyber attacks
Attackers work hard to make their phishing emails convincing. For example, their email may look like it came from someone or something you know, such as a friend or a trusted company. They may add logos of your bank or forge the email address so the message appears more legitimate. The attackers then send these phishing emails to millions of people. Phishing is similar to using a net to catch fish; attackers do not know what they will catch, but the bigger the net, the more fish they will find.
Protect yourself and our organization by being alert to these signs of a phishing attack:
- Messages directed to “Dear Customer” or some other generic greeting.
- Messages requiring immediate action or creating a sense of urgency, such as threatening to close down your account.
- Messages claiming to be from an official organization, but having grammar or spelling mistakes or using a personal email address, such as @gmail.com, @yahoo.com, or @hotmail.com.
- Messages pressuring you to bypass our security procedures. These types of attacks often happen when a cyber attacker is pretending to be your supervisor or coworker.
- Messages requesting highly sensitive information, such as your credit card number or password.
- If you receive a message from someone you know, but the tone or message just does not sound like him or her, be suspicious. Call the sender on a trusted phone number to verify they sent it. It is easy for a cyber attacker to create an email that appears to be from a friend or coworker.
- Before you click on a link, hover your mouse cursor over it. This will display the true destination of where it will take you. Confirm that the destination displayed matches the destination in the email and make sure it is going to the organization’s legitimate website. Even better, type the proper website address into your browser. For example, if you get an email from your bank asking you to update your bank account, type your bank’s website address into your browser, then log in to the website directly.
- On a mobile device? No problem. Simply hold your finger down on the link and you should see the true destination in a pop-up window.
- Only open attachments you were expecting. Infected email attachments have become a very common attack method. In addition, many of the infected attachments cyber attackers use today cannot be detected or blocked by antivirus software.
Attackers have developed an even more dangerous email attack than phishing, called spear phishing. Instead of sending out millions of emails to random people, this attack targets only a few people within our organization. These targeted attacks are more dangerous because of the extensive research the attackers do. They begin by analyzing who works in our organization, then target specific employees (such as you) and collect information through sites such as LinkedIn or Facebook. Once they have learned everything they need, they create a highly customized phishing email designed to fool you into clicking on an infected attachment or malicious link.
Spear phishing attacks are much harder work for cyber attackers, but are much more effective than generic phishing emails and are also much harder for us to detect.
It is your job to use email safely and be on the lookout for phishing attacks. If you receive a phishing attack, or if you are not sure whether an email or message is a phishing attack, report it or contact us at phishreporter@kaust.edu.sa.
KAUST Information Technology
We make IT happen!