Phishing

Most libraries have filtering software for their email accounts, but this doesn’t mean you shouldn’t be on the lookout for malicious emails.

Avoid getting caught

  • Only click links in email from trusted sources.
  • Don’t download an attachment unless you know who it’s from.
  • Don’t enter your personal information into any form you have reason not to trust. 
  • Use context clues and listen to your gut. Just because an email looks like it’s from a coworker doesn’t guarantee it is. A hacker can send a message that appears to be from your coworker by hacking or spoofing their email address.
  • Look at the entire URL you are being asked to click on. Is it exactly the same as the site address you normally type?

Phishing is one of the most common ways that a hacker can gain control of your computer and network.

These emails are designed to trick someone into handing over sensitive information or downloading malicious software. Once a hacker has access to your system, they can discover your passwords and gain full control, possibly of the entire library's network. Be on the lookout for emails that have an urgent request to transfer money, click on a link, or share sensitive information.

 

Exercise

What are the phishing red flags in this email between employees at different libraries?

[Screenshot: phishing email conversation]

  • The email domain is from AOL. This is not a typical domain used by libraries.

  • The response email asked for money.

  • There are several typos.

  • The recipient is asked to visit a link and provide personal information.

Quick Tip

If you click on a link you think might be malicious, let your IT staff know right away.