Email remains one of the most common and effectively exploited threat vectors in Middlebury's digital environment. In order to better prepare our community for email-based threats, the Middlebury Information Security team has opted to implement a phishing self-assessment program. The objectives of this program are as follows:
- raise community awareness of email-based threats
- publish anonymous metrics to track trends over time
- demonstrate common tactics used by bad actors in order to enhance our ability to effectively spot an email phish
Our goal is not to penalize any community member who clicks on an email phishing link, but rather to start a conversation about the risks involved in email phishing and to provide tips for preventing account compromises. If you did click on the link, your account is secure, and there is no need to change your password at this time. You will be assigned a brief online training module. In addition, we recommend you take a few moments to review the information below on how to spot phishing attacks.
How to Spot Phishing Emails:
When you're unsure whether an email is legitimate, ask yourself these questions:
- Do I normally receive messages from this person?
- Am I expecting to receive a message from this person?
- Does the message that this person sent line up with messages they typically send me?
- If I know the person well, does the email sound like something they'd write? (Grammar, spelling, tone)
- Is the person asking me to do something with a sense of urgency?
- Is the person asking me to do something related to a financial transaction?
Phishing webpage clues:
- Watch the URL bar at the top of the browser window; phishing pages will have a random URL that is not a Microsoft webpage
- Some URLs may be close to what you'd expect, but have slightly different spelling. For example: http://www[.]m1iddlebury[.]edu