April: Don't Get Hooked

Sample Tweets, Posts, and Materials to Increase Phishing Awareness

Campus Security Awareness Campaign 2016
This post is part of a larger campaign designed to support security professionals and IT communicators as they develop or enhance their security awareness plans. View the other monthly blog posts with ready-made content, as well as a printable calendar with the 12 topics. Learn more.

Phishing attacks pose a major risk to any organization. Since these threats won't go away any time soon, we need to continue to educate our end users about the warning signs of phishing, the potential risks of falling prey to an attack, and how they can protect themselves from getting hooked. Below are some ready-made messages that you can customize for your community.

Get the Word Out

Newsletter Content

You may not realize it, but you are a phishing target at school, at work, and at home. Ultimately, you are the most effective way to detect and stop phishing scams. When viewing e-mail messages, texts, or social media posts, look for the following indicators to prevent stolen passwords, personal data, or private information.

  • Beware sketchy messages. Phishy messages may include a formal salutation, overly friendly tone, grammatical errors, urgent requests, or gimmicks.
  • Avoid opening links and attachments. Even if you know the sender, don't click on links that could direct you to a bad website. And do not open attachments unless you are expecting a file from someone.
  • Verify the source. Check the sender's e-mail address to make sure it's legitimate. If in doubt, just delete the message.

Don't Let a Phishing Scam Reel You In

Use this image to support your messaging.

Social Posts

  • #Phishing attacks: the first and best line of defense is a good offense. Report phishy communications to your IT department.
  • Remember that reputable institutions will never e-mail you to confirm details of your account. #Phishing
  • Typos or other mistakes may indicate the e-mail in question is a #Phishing attack.
  • Never give out information over the phone if you did not initiate the call. #Phishing
  • Never e-mail confidential information to anyone. #Phishing
  • Be wary of links e-mailed or texted from unknown or unverified senders. Type the URL in your browser. #Phishing

E-mail Signature

Ask staff to add a tip to their e-mail signature block and link to your institution's phishing resources.

Example:

John Doe
Chief Information Security Officer
University of XYZ

Don't be a victim of phishing. Legitimate businesses don't ask you to send sensitive information through insecure channels. Learn more. [Link "Learn more" to your institution's phishing resources or link to one of the resources below.]

Embed or Share Videos

Resources

Share these resources with end users or use them to inform your awareness strategy.

  • Don't Let a Phishing Scam Reel You In (poster) [Use something like this for caption above and link picture to Pinterest post.]
  • Learn more about spam and phishing [https://staysafeonline.org/stay-safe-online/online-safety-basics/spam-and-phishing/] or hacked accounts from the National Cyber Security Alliance.
  • The FTC provides more information for consumers about phishing scams and how to spot them.
  • The Anti-Phishing Working Group also provides consumer advice, as well as games and quizzes.

Brought to you by the Awareness and Training Working Group of the EDUCAUSE Higher Education Information Security Council (HEISC).

© 2016 EDUCAUSE. This EDUCAUSE Review blog is licensed under the Creative Commons BY-NC-SA 4.0 International license.