Cyber Security - Technology Services

Cyber Security

Important Security Warning: Beware of Phishing Emails

We have noticed a recent increase in the number of “phishing” emails coming to Gordon-Conwell email addresses. Phishing emails are scam emails designed to appear authentic; they attempt to deceive recipients into providing sensitive personal information by masquerading as people or organizations they know and trust. This detailed article from the Privacy Rights Clearinghouse has valuable tips for how to identify phishing emails and protect yourself and your personal account information from these attempts at identity theft: https://www.privacyrights.org/blog/watch-out-phishing-emails-attempting-capture-your-personal-information

Below is a 2-PART series titled

  • PART 1: How do I figure out whether an external email is suspicious?
  • PART 2: How do I figure out whether a Gordon-Conwell email is suspicious?

We hope that this will help you discern if you have received an email from a cyber-intruder. If you receive an email that appears to come from a trusted source but sounds suspicious and/or asks for personal information, please take precautions. Do not reply to the email, click any links in the email, or open any attached files. Instead, go straight to the purported source to verify the request (by phone or in person), and please forward the suspicious email to [email protected] for review.

How do I figure out whether an external email is suspicious?

PART 1: To see if you could be caught by phishing, please take the 5-minute quiz below and then review the article on avoiding phishing scams.

Security is all about knowing whom and what to trust. When you receive an email, ask the following questions:

    1. Do I know the sender?
    2. Should I really open that file or click on that link?
    3. Did I really order something from this company?
    4. Does the information requested sound like something the requester would ask me?

These are key questions you should ask every time you receive an email. The problem with phishing is that emails are purposely designed to appear authentic. This makes discerning a phishing email attempt quite difficult. In order to help you better detect a phishing email, we have provided you with: 1) a 5-minute quiz with real life examples of what an external phishing email may look like and 2) a article detailing how to avoid phishing scams.

Step 1. 5-minute quiz: https://www.sonicwall.com/phishing/phishing-quiz-question.aspx

At the end of the quiz, please review your results and each of the corresponding explanations, particularly if you got an answer wrong. (Please click on every “why” link.)

Step 2. Article: https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams

If you receive an email that appears to come from a trusted source but looks suspicious and/or asks for personal information, please take precautions. Do not reply to the email, click any links in the email, or open any attached files. Instead, go straight to the purported source to verify the request (by phone or in person), and please forward the suspicious email to [email protected] for review.

How do I figure out whether a Gordon-Conwell email is suspicious?

PART 2: Please review an example of an internal suspicious email and how to quickly validate the source. This section should take less than 5 minutes.

In Part 1, we examined how security is all about knowing whom and what to trust. When you receive any email, ask the following questions:

    1. Do I know the sender?
    2. Should I really open that file or click on that link?
    3. Did I really request or order something from this company?
    4. Does the information requested sound like something the requester would ask me?

In Part 2, we shall examine how an internal phishing email with a gordonconwell.edu FROM: address may appear.


STEP 1: Question

Say you are part of the Finance team at Gordon-Conwell. What if you received an internal email from someone important like the seminary president that looks like this?

image

In internal phishing emails, cyber-intruders usually try to mimic the most important person(s) in an institution to obtain personal information. Here, Question 4 above is important: Does the information requested sound like something the requester would ask me?


STEP 2: Validate

Although the email above appears to be from the correct person, do not naturally assume that it is from the seminary president. In many cases, cyber-intruders use a technique known as spoofing to trick the end user with internal-looking forged email addresses.

Here is a quick and easy way to validate the actual source of the email.

Click reply.

image

Double-click on the name of the sender.

image

Examine the email address.

image

Note: Please read carefully. In the example above, it is from g0rd0nc0nwell.net, not gordonconwell.edu or gcts.edu.

Close the email and remember: DO NOT CLICK SEND.

Please forward the suspicious email to [email protected] for examination and action.


STEP 3: Verify

In the event that the email address is valid (from gordonconwell.edu or gcts.edu) but the email still looks suspicious, contact the sender to verify the request (by phone or in person). If the email is from anyone in leadership, remember to always contact their administrative assistant to verify as they may be traveling.


Whether you are part of our faculty, staff, or student body, take a moment to pause and always examine the source of the email. We hope that our 2-Part series has been informative and helpful for you. As an IT team, we are always committed to working with you. Together, we can ensure that your personal information and that of our seminary is secure.

Please contact us at [email protected] if you have any feedback or questions.

Contact Us

Do you have a technology-related issue or request? Let us know how we can help you!

Email