Identifying Phishing Attempts
With the world's reliance on technology for daily life, it is almost impossible to carry out certain personal and work-related tasks without an internet-connected device. As a result, our devices and online accounts often contain sensitive information or privileges that bad actors could use for personal gain. One of the most common methods used to steal this information is known as phishing, which involves fraudulent messages sent through email, text messages, and phone calls. Phishing can take many forms: a simple text instructing you to call a certain phone number, a link to a file or form, or a downloadable document attached to an email. The aim is to engage the target in a way that gets them to provide information the scammer can use for their own benefit. This article goes over some of the more common phishing attacks you may encounter and how to identify and report them.
Basic Types of Phishing
Spoofing - Involves the attacker imitating or "spoofing" a known individual or organization in an attempt to trick the target. This can be as simple as an email account that uses the same name as a colleague or as complex as imitating an invoice from a vendor with convincing formatting and branding.
Malicious Attachments/Links - Usually paired with spoofing, malicious attachment or link scams try to trick the target into downloading a document or following a link. Opening these attachments or clicking these links could install malware or direct the victim to a fake login screen that is used to steal their personal information.
Malicious Drive Shares - Essentially the same as a malicious attachment/link, but uses Google Drive to share the malicious content. The fact that these notifications come from a legitimate service makes them extremely difficult for spam filters to catch. Blocking file shares, even those coming from non-Bard accounts, isn't an option given how much the community relies on these services for our work and studies. No matter how "legitimate" a file share might appear, it's generally easy to spot a phishing attempt if you know what to look for. Check below for a graphic on how to spot illegitimate Drive share requests.
Smishing - This type of attack can involve any of the other methods listed, but is initiated through a text message (SMS) sent to a target's mobile device. Text messaging and mobile apps are a major vector for the increasingly common "Pig Butchering" scams.
What to look out for
- Messages that come from outside the Bard domain but use the account or display name of a colleague, employee, or student. You can view a sender's actual email address, including its domain name, by clicking the down arrow found in the top left corner of the message (see below).
- Messages that attempt to convey a sense of urgency (“respond now”, “call me asap”, ”account expiring”, etc.).
- Messages asking you to take an action or complete a task that would be unusual (for example, a message appearing to come from the president’s office requesting that you review payroll documents).
- The image below shows what to look for when identifying a malicious Google Drive share.
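The first two checks above (a colleague's display name on a sender outside the Bard domain, and urgency language) expressed as an added Python example; this is not part of the original article or Bard's own tooling, and the directory of known display names, the urgency phrase list and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "bard.edu"
# Constructed stand-in for a campus directory lookup; the names are hypothetical.
KNOWN_DISPLAY_NAMES = {"jane doe", "office of the president"}
URGENCY = re.compile(r"\b(asap|respond now|urgent(?:ly)?|immediately|expir(?:es|ing|ed))\b", re.I)

def sender_domain(addr):
    # Lower-cased domain part of an address, or '' when there is none.
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def check_message(raw):
    # Return the list of warnings raised for one raw RFC 5322 message.
    msg = message_from_string(raw)
    display, sender = parseaddr(msg.get("From", ""))
    domain = sender_domain(sender)
    internal = domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)
    warnings = []
    # Check 1: a known display name on a sender address outside the Bard domain.
    if not internal and display.strip().lower() in KNOWN_DISPLAY_NAMES:
        warnings.append(f"external sender {sender!r} uses known display name {display!r}")
    # Check 2: urgency language in the subject or a plain-text body.
    body = msg.get_payload() if not msg.is_multipart() else ""
    hit = URGENCY.search(msg.get("Subject", "") + " " + body)
    if hit:
        warnings.append(f"urgency phrase {hit.group(0)!r}")
    return warnings

# Constructed sample messages for illustration only.
SPOOFED = """From: Jane Doe <jane.doe.payroll@gmail.com>
To: staff@bard.edu
Subject: respond now - payroll review

Please review the attached payroll documents asap.
"""
LEGIT = """From: Jane Doe <jdoe@bard.edu>
To: staff@bard.edu
Subject: Agenda for Thursday

Notes from last week are in the shared folder.
"""

if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, check_message(sample) or ["no warnings"])
```

The display-name check only fires when the name matches the directory exactly after case folding, so a production version would also want to catch near-matches and look at Reply-To.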
If you ever receive an email that you suspect might be impersonating a Bard student or employee, please contact the Helpdesk to investigate. You can also reach out to the individual using their known @bard.edu email address or known phone number to verify that they sent you the message. Do not forward any potentially malicious emails to anyone other than helpdesk@bard.edu.