Recognize the bait: Don’t get phished!


October is National Cyber Security Awareness Month, a nationwide initiative to raise awareness about the importance of cybersecurity. As data breaches and other cybercrimes continue to make headlines, it's more important than ever to be aware of potential security threats to your data and to take precautions to keep yourself safe online.

Let’s talk about one of the most common types of online security threats: the phish.

Students, faculty, and staff often receive phishing emails with links that claim to lead to official Lehigh websites, but actually take visitors to malicious imitation sites. When you enter your username and password on one of those fake sites, the attackers have successfully phished you and now have the keys to steal personal, financial, or other sensitive information.

"Stay alert and be cautious," said Eric Zematis, Lehigh chief information security officer. "Attackers often attempt to use emotions to trick people into responding. Beware of messages that create a sense of urgency or fear if you don't respond. We are also seeing messages that appeal to natural helpfulness or curiosity."

Zematis offers the following tips for staying safe from phishing messages:

  • Use caution with attachments. Email attachments are the most common vector for malicious software. Unless you were expecting an attachment and are absolutely certain it is legitimate, delete it!
  • Confirm identities. Phishing messages can look and sound official. Cybercriminals steal organization and company identities, including logos and URLs that make emails appear to come from a trusted source. It’s easy to impersonate schools, businesses, financial institutions, retailers, and a range of other service providers.
  • Check the sender's email address. Any correspondence from official Lehigh sources will likely come from an organizational email address, such as @lehigh.edu. For example, a message from the LTS Help Desk will not come from IThelpdesk@yahoo.com.
  • Be wary of messages with numerous writing or grammar errors. Phishing emails often contain spelling errors or malformed sentences with poor punctuation and formatting.
  • Don't click links in suspicious messages. If you don't trust an email, don't trust the links in it either. Beware of links that are hidden by URL shorteners or text like "Click here." Hover your mouse pointer over the link to see where that link will actually direct you.

Anyone who has responded to suspicious email messages should immediately contact Lehigh’s Information Security Office at security@lehigh.edu.

Those who have clicked through such an email and entered their Lehigh username and password into a fake site should go to the LTS Account Services page to change their password and revise security questions and answers.

If you have any questions about an email’s legitimacy or whether it poses a threat, contact the LTS Help Desk at 610-758-4357 or LTS Information Security at security@lehigh.edu.