It’s Cyber Security Awareness Month and this week we’re talking about email.

Email is one of the easiest ways for cyber criminals to target ordinary citizens.  Here are a few risks to be aware of when it comes to your email:

  • A weak email account password could leave your personal information vulnerable –  create passwords that protect you and use two-factor authentication when possible
  • Spyware may be sent as an attachment in an email and allow criminals access to your information.
  • Viruses can spread through email to your entire contact list without you knowing it.
  • Email phishing scams can trick you into opening attachments or giving up personal information. They appear to be emails from organizations or companies you trust, but they’re often the gateway to identity theft.
  • Spam can get through your filter and inundate you with unsolicited email.

If you receive an email from an address you don’t recognize, your first thought should be: is this email legitimate?  But know that malicious emails can also come from an address that you do recognize – perhaps their account got hacked and is now being used to spam people.

There’s a good chance an email is a phishing attempt if:

  • It asks you for your password or directs you to a web form asking for your password
  • If the link within the body of the message points to a non-Carleton email address
  • The subject line is in all caps
  • There is a call for immediate action – “download this now” or “confirm you email identity now” or “click on the link below”
  • There are spelling or grammatical errors in the email

It’s important to be able to recognize a phishing attempt and, most importantly, not be baited.

What do you do if you receive a phishing email? A good rule of thumb is to automatically delete anything that looks out of the ordinary or if you’re not quite sure, you can forward it along to the ITS Service Desk.