Tech Tips: Be Suspicious to Avoid Getting 'Phished'

Email attacks common on campus, according to Duke IT Security Office

Every week, Phillip Batton faces at least two or three major attacks against the Duke community.

Last week was no exception: Thousands of Duke users received fraudulent messages containing a file attachment that, if opened, installed a piece of "ransomware" called Cryptolocker. The malicious software is designed to encrypt all of a user's files and then demand a payment to unlock the files. The attacks led to more than 20 locked Duke accounts.

"Phishing is still very prevalent on campus. It takes very little time and effort for attackers, and the potential payoff is huge," said Batton, an analyst for Duke's IT Security Office. "The larger the user population, the likelier it is to get a handful of people to provide their information -- and all it takes is one."

At a recent "Learn IT @ Lunch" session sponsored by the Office of Information Technology, Batton offered the following tips from Duke's Information Security Office:

Be wary of emails containing spelling and grammar mistakes and threats or a sense of urgency. Both are indications of possible phishing attacks. A common tactic is to threaten the recipient with account closure if they do not act with haste. The best course of action is to contact the purported sender by legitimate means to verify the email's claims. (For example, call the OIT Service Desk at Duke.)

Check before you click on a hyperlink. Mouse over the link to be sure you're aware of the actual destination before you click on a URL. Online services such as GetLinkInfo.com can help expand and preview such links before clicking through to untrusted domains.

Remember that the logo you see isn't always what you get. Cybercriminals know that if they include a logo or common graphic in an email, the recipient is more likely to trust the validity of the message. Be aware that images linked to the legitimate website or company can be spoofed and do not necessarily ensure communications originated from the purported sender.

Be suspicious of attachments. Be wary of enticing file names or certain file types (such as .exe, .zip or .bat), especially when the sender is not known.

Look at the sender and reply-to information in message headers. Be cognizant that these addresses can be spoofed, and try to identify whether or not the address is actually from the supposed sending party. For example, some phishing attacks that purport to be from the "Helpdesk" come from an email address that isn’t help@oit.duke.edu. Some messages may not even come from the @Duke.edu domain. If those addresses are not related to the institution that's supposedly sending the email, immediately question its validity.

Duke's IT Security Office sends out regular alerts when an attack is reported and confirmed. To subscribe to those alerts, visit security.duke.edu.
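The header and attachment checks from the tips above can be scripted for triage of a reported message. The following is an added example, not part of the original article or any Duke tooling; the flag names, the `phishing_flags` function and the sample message are constructed for illustration.

```python
import os
from email import message_from_string
from email.utils import parseaddr

RISKY_EXTENSIONS = {".exe", ".zip", ".bat"}  # file types named in the tips
HELPDESK_ADDRESS = "help@oit.duke.edu"       # address given in the article
EXPECTED_DOMAIN = "duke.edu"

# Constructed sample message (not a real phishing email).
SAMPLE = """\
From: "Duke Helpdesk" <helpdesk@duke-support.example>
Reply-To: reset@mail-collect.example
Subject: URGENT: your account will be closed
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Verify your acount immediately.
--b1
Content-Disposition: attachment; filename="invoice.exe"

AAAA
--b1--
"""

def domain_of(address):
    return address.rpartition("@")[2].lower()

def phishing_flags(raw_message):
    """Return warning flags; an empty list does not prove a message is legitimate,
    because header addresses can be spoofed."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1]
    sender_domain = domain_of(from_addr)
    flags = []
    if "helpdesk" in display.lower().replace(" ", "") and from_addr.lower() != HELPDESK_ADDRESS:
        flags.append("helpdesk-name-wrong-address")
    # Exact domain or a subdomain; a lookalike such as "notduke.edu" must not match.
    if sender_domain != EXPECTED_DOMAIN and not sender_domain.endswith("." + EXPECTED_DOMAIN):
        flags.append("sender-outside-domain")
    if reply_addr and domain_of(reply_addr) != sender_domain:
        flags.append("reply-to-domain-mismatch")
    for part in msg.walk():
        name = part.get_filename()
        if name and os.path.splitext(name.lower())[1] in RISKY_EXTENSIONS:
            flags.append("risky-attachment:" + name)
    return flags
```

Calling `phishing_flags(SAMPLE)` returns all four flags for the constructed message; a message from help@oit.duke.edu with no attachment returns an empty list.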