Harvard’s Chief Information Security Officer, Christian Hamer, recently sat down with the Harvard Gazette to discuss the rise of Phishing attacks. Phishing attacks are ever increasing at Harvard because, as Hamer states, “There’s a reason cyber attackers use phishing emails — they are cheap, low-tech, and they work”.
To stay safe online, Hamer recommends the following best practices.
- Don’t click links or attachments in suspicious emails. Until you can verify that an email is legitimate, skip the links. Dangerous URLs, often hyperlinked with friendly language like “click here,” and attached documents may contain malware or ransomware, or lead to a fraudulent website set up by attackers.
- Trust your instincts. In some cases, phishing emails and fake websites can look official. Phishing emails may even appear to come from a known sender. What gives them away may be subtle — an unusual salutation, an urgent or uncharacteristic request, an unofficial-looking URL. If something seems odd or surprising, be suspicious: It could be phishing.
- Don’t be intimidated. A common phishing tactic is to threaten penalty, loss of service, or other consequences for not acting quickly. Slow down and look at the message carefully. Could it be a phishing attack?
- When in doubt, reach out. If you don’t trust an email, the best course of action is to call or text the alleged sender, or open a browser and type in the official website URL to learn more.
- Never, ever give up your username and password. Legitimate organizations, including Harvard IT support staff, will never ask for your username or password, especially via email.
Report suspected phishing that is delivered to a Harvard email account by forwarding emails to firstname.lastname@example.org. More information on how to “Click Wisely” can be found on the Information Security Office website.
You can read the full interview at: https://news.harvard.edu/gazette/story/2017/11/harvard-expert-offers-best-practices-to-thwart-phishing-attacks/