Cyberscams have become old hat, and everyone has acclimated to the ploys of online criminals and their attempts to steal passwords, personal information, and ultimately money. Now the Phisherman are moving into the water with a more convincing scam. Whaling, also known as Spear-Phishing, is an effort toward catching a 'bigger fish', which could be an executive, payroll employee, or someone similar in an organization who has a specific role dealing with the private sensitive data of a large amount of employees.
In 2016, more than 50 organizations have been successfully targeted by W-2 spear phishing attacks since January. The IRS has reported a 400% increase in these types of incidents specific to tax information this year. Indiana State University employees have been excellent in identifying some seemingly authentic requests thus far, but one of the best tools for preventing a Whaling incident is user awareness.
If you are asked to reveal personal or financial information of Indiana State University students, faculty, of staff via email by an Indiana State University employee or any other individual, you should not respond. Call them, confirm the legitimacy of their request, and discuss a secure method of transmitting this type of data. Also, never hesitate to contact your OIT area consultant, or forward the email message to firstname.lastname@example.org, where OIT personnel can review the authenticity of the email and act accordingly.
Do not just click on links in emails, but instead copy them into your web browser to verify their validity. This includes Indiana State University OIT links in emails too!
No Indiana State University employee will ever ask for a username and password in email or over the phone.
If you think your username and password have been compromised, call the ISU OIT Help Desk at 812-237-2910.
Click here to read the full article.