SECURIT?Y? REMINDER: Use caution when handling links in email, shared documents

Published

CSIT was alerted this morning to another instance of a phishing scam which employed the offer of a shared document as the enticement for recipients to follow a link.  While this particular scam had only a small distribution across our domain mailboxes, it provides a good opportunity for reminder concerning email security.

Our “cloud connected” environment provides opportunities for collaboration and efficiency but also opens opportunities for abuse.  Documents shared as attachments might be legitimate requests for review or comment, but might also be a vector for malicious software.  The link in a message to a shared document might be genuine, but might also be a phishing scam intended to harvest confidential information such as your account password.  The request for your digital signature on a document might be real, but might just as easily be part of a scam.

Please use caution when handling your NWU email.  Regardless the apparent source of the message, take a moment to confirm that the actual sender address matches the apparent sender.  Do not rush to open email attachments, particularly if you were not expecting to receive any documents.  Confirm that links embedded in email messages actually point to locations at which they are described to point.  If you do follow an embedded link and reach a web page prompting for login credentials, take a moment to examine the details of the page and the URL displayed in the browser.  Look for any mismatches between the display on the web page and the location in the browser, including an subtle misspellings.  If possible, avoid handling important email messages on mobile devices whose email clients tend not to display message details.

Thank you for being cautious and reporting any suspicious email to CSIT.