As other forms of online security grow stronger, online criminals are looking more and more towards the end user as an attack vector as well as a victim. Phishing attacks, which trick the user into voluntarily giving up their personal information to a source that they think they can trust, are increasing dramatically. At the same time, these attacks are becoming more sophisticated in their ability to confuse their victims and earn their trust. For example, phishing attacks frequently take the form of fraudulent emails that tell users that their account has been compromised and that they need to reset their passwords. They then direct users to a fake website that resembles the one they expect to see and ask users to enter their credentials. Once the victim enters their username and password, attackers are free to use those to impersonate the victim. Attackers are quickly learning to trick their victims by including the victim’s name in the subject of the email, among other things. Other forms of phishing attacks could include email attachments that, when downloaded, can infect the victim’s computer.
UW has an excellent system for telling students about ongoing security issues, including emails being sent to the entire system when attacks are being reported against UW students. However, the best way to fight phishing attacks is learning the ability to tell the difference between a trustworthy and untrustworthy email. Paying close attention to spelling and grammar in a given email and looking for consistency in information given can be an effective tool to keep oneself from being tricked.
For more information on this topic click here.