Phishing has quickly become one of the most common and effective attacks to compromise an organization's security and illegally access information and assets. These attempts to trick individuals into revealing private information have no end in sight, but following some basic guidance can help reduce the odds of becoming a victim:

  • Don't trust email from unknown senders and don't open their attachments.
  • If an email seems suspicious, verify the sender through trusted contact information.
  • Hover your mouse pointer over hyperlinks to ensure the destination matches the URL.
  • Read the full destination URL when hovering over hyperlinks or when viewing a linked page.

If you think you may be involved in a phishing incident, contact the IT Help Center for support.

Reading URLs

Speaking of checking the destination URL, how do we know a good URL from a bad one? Webpage URLs consist of multiple parts that compose the final destination, for example:

  • http://www.heritag.e.edu/
  • This is a bad link! It has a 3rd-level domain of "Heritag", a 2nd-level domain of "E", and a top-level domain of "EDU". So, this link would actually send someone to the website "e.edu", not "heritage.edu".

Now, what about this one:

  • http://www.heritage.edu.dll.ca/homepage.htm
  • This is a bad link! The top-level domain is the last part before the first single slash "/" (the one after "http://"), so even though this URL contains the correct "HERITAGE.EDU", it's actually a sub-domain of the website "DLL.CA".

These are just a few of the ways phishers attempt to trick people into trusting malicious webpages. It's up to everyone to remain vigilant and report phishing attempts when they're encountered.
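
The same right-to-left reading of the hostname can be automated, for example in a mail filter or a link-checking script. This is an added example, not part of the original page: the function names are hypothetical, the trusted domain is taken from the examples above, and the third sample URL is constructed.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "heritage.edu"  # the domain the page's examples imitate


def host_labels(url):
    """Return the hostname's labels, left to right, lower-cased."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not a web URL: {url!r}")
    # Only the host counts: path, query and fragment are ignored.
    return parts.hostname.rstrip(".").split(".")


def site_of(url):
    """Last two labels of the host, read right to left as the page does.

    Assumption: the suffix is a single label (.edu, .ca). Multi-label
    suffixes such as .co.uk need the Public Suffix List instead.
    """
    return ".".join(host_labels(url)[-2:])


def belongs_to(url, trusted=TRUSTED_DOMAIN):
    """True only if the host is the trusted domain or a subdomain of it."""
    labels = host_labels(url)
    want = trusted.lower().split(".")
    # Compare whole labels from the right; substring matches do not count.
    return labels[-len(want):] == want


def report(url, trusted=TRUSTED_DOMAIN):
    """One-line verdict showing which site the link really leads to."""
    verdict = "ok" if belongs_to(url, trusted) else "BAD"
    return f"{verdict:3} {url} -> site is {site_of(url)}"


if __name__ == "__main__":
    samples = [
        "http://www.heritag.e.edu/",                    # from the page
        "http://www.heritage.edu.dll.ca/homepage.htm",  # from the page
        "https://www.heritage.edu/it/help",             # constructed
    ]
    for sample in samples:
        print(report(sample))
```

Comparing whole labels from the right is what catches both bad links: a simple "does the URL contain heritage.edu" test would accept the second one.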

Avoiding Scams

Between 2014 and 2018, the FBI's Internet Crime Complaint Center (IC3) received 1,509,679 complaints with $7.45 billion in total losses. In 2018 alone, they received an average of more than 900 complaints every day. Read the full report here: https://pdf.ic3.gov/2018_IC3Report.pdf

IC3 Guidance for Business Email Compromise (BEC):

  • Contact the originating Financial Institution as soon as fraud is recognized to request a recall or reversal as well as a Hold Harmless Letter or Letter of Indemnity.
  • File a detailed complaint with www.ic3.gov. It is vital the complaint contain all required data in provided fields, including banking information.
  • Visit www.ic3.gov for updated PSAs regarding BEC trends.
  • Never make any payment changes without verifying with the intended recipient; verify email addresses are accurate when checking mail on a cell phone or other mobile device.