Moving at short notice from a trusted office environment to working remotely can create security risks. There has been an increase in coronavirus-related phishing attacks, according to European cybersecurity agency ENISA.
Follow this security advice to ensure a secure working environment at home:
- Try to not mix work and leisure activities on the same device.
- Be particularly attentive with any emails referencing coronavirus.
- Be suspicious of any emails asking you to check or renew your passwords and login credentials, even if they seem to come from a trusted source. (TWU IT Solutions and Service Desk will never ask you for your password!)
- Ensure your Wi-Fi connection is secure.
- Ensure anti-virus is in place and fully updated.
- Have a data back-up strategy and remember to do it: All important files should be backed up regularly.
- Check all security software is up to date. Privacy tools, add-ons for browsers and other patches need to be checked regularly.
Watch for spoofs
Given the “new normal,” malicious actors are taking advantage of our distraction to run gift card scams. They email you pretending to be a person in authority at the university, typically using casual language and one or two sentences to draw you into conversation. At some point, they ask you to purchase gift cards. Don’t fall for fake!
Best practice is to review the sender’s email address, which will almost always be something other than @twu.edu. View suspicious emails in a web browser, rather than on a mobile device to see more details to avoid replying or clicking on dangerous links.
Don’t be phished!
Phishing attacks are delivered via email. Most commonly, a phishing email uses a sense of urgency to direct the victim to visit a website designed to steal the victim's account credentials. Some phishing attacks are straightforward, for example, "Update your password now!!!!" and can easily be detected because they typically are not written well (poor grammar and word choice).
However, some attacks are sophisticated, look like they come from a trusted contact, are well written, and lead to a site that closely resembles the spoofed website. If you receive a communication that asks you to give your account credentials or personal information (for example, your Social Security number, birth date, or credit card number), DO NOT click the email link. Instead, go directly to the expected website and verify that the communication came from that organization.
Always be cautious before following links that require you to enter your username and password. By following these simple precautions and working with IT Solutions Service Desk, we can make phishing attacks a thing of the past.
Learn how to recognize and report phishing.