Spotting malicious URLs is a bit of an art. The examples represented here are some of the common tricks used by hackers and phishers to fool users into visiting malicious websites. The methods shown here could be used by legitimate services, but if you see one of these “tricks” you need to make sure you’re dealing with the organization you think you are.
<v5pz @ onmicrosoft . com>
- www.llnked in.com
Brand name in URL, but not real brand domain
Brand name in email address but doesn’t match brand domain
- Bank of America
URL Domain Name Encoding
- When clicking on a shortened URL, watch out for malicious redirection. https://bit.ly/2SnA7Fnm
- Human Services.gov
Strange Originating Domains
URLs which have hidden links to completely different web sites at the end.
- t-info.mail.adobe.com/r/?id=hc347a&p1=evilwebsite .com
From our Partners at Knowbe4: This free course is being offered during Cybersecurity Awareness Month.
Take a look at this sample email of some Phishing Red Flags to be cautious about.
- Hover over the link. The link may not take you to the site the email content says it will.
- The email tells you to click a link or open an attachment.
- The is a sense of urgency to the email (Example: “Do the now”)
Phishing Awareness Tips
1. Make sure you read the full email address of the sender. If the email address looks suspicious, report it.
2. Hover over all URL links before clicking on them to make sure they are legitimate.
3. Any email with a URL or file attachment should be considered high risk.
In our uber-connected world, it seems like cybercriminals and malicious links creep around every corner. News stories of ransomware attacks and data breaches costing millions of dollars fly past our feeds almost constantly. We get it; it can be overwhelming. With so much information bombarding us, it can be hard to focus on the right actions to take to keep information secure. That’s why we’re recognizing Cybersecurity Awareness Month this October by sharing tips to stay cyber secure, both at work and at home. To turn away cyber attacks, a little knowledge teamed with critical thinking skills can go a long way!
Stay tuned to our blog site this month as we will be sharing weekly information provided by our InfoSec training service partner KnowBe4. The list below is what will be shared over the month of October.
- Free Interactive Course: Social Engineering Red Flags
- Free Interactive Course: Your Role: Internet Security and You
- Expert-led videos on pretexting and password management
infographics on avoiding social engineering and cybercrime
- Cybersecurity awareness tip sheets
Microsoft Defender for Office 365
Widener LIS will be enabling Microsoft Defender for Office 365 on June 1st for Widener email (Outlook). All links that are found in an email are scanned by Office 365 protection services to check for security threats.
If an link is found to be unsafe, the user will be alerted with an interface describing the issue. If encountered, please close the web page immediately and continue on with your day knowing you were protected. If you feel like this website has been categorized by mistake, please open a quickticket and we will investigate. Using the “continue anyway” link is never recommended without the explicit direction of a member of the ITS Information Security Team.
When a message contains a clickable image or text, the original address of the link will be replaced with a “safe link”. Safe links always contain the domain name “safelinks.protection.outlook.com/”.Safe links will show you the original URL when you hover over the link. Emails shown in plain text mode will show the full “safe link”.
: : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : :
If you have any questions, please open a quickticket.widener.edu or call the HelpDesk at 610-499-1047 for further assistance.
Starting Thursday May 13th, all employee accounts will have Multi-Factor Authentication (MFA) enforced for Microsoft 365 logins which includes Outlook, Teams, SharePoint, and OneDrive. To make this day a non-issue for you, we are encouraging you to configure your account prior to this date.
Setup your mobile phone device.
Choose your preferred MFA setup instructions from the options listed below under . Call 610-499-1047, option #3 to assist you at any time.
Once completed, your next Microsoft 365 login will prompt you for the MFA action you chose during device setup.
Note: You will not be prompted for MFA while connected to Widener’s Internet or Wi-Fi Network.
Setup instructions for your Phone for MFA :
• Frequently Asked Questions- FAQs
• iPhone App Setup (recommended)
• Android App Setup (recommended)
• Text Verification Non-App Setup
(Can be used by Flip Phones, iPhones, or Android.)
• “Call Me” Non-App Setup (No Mobile Phone )
Anytime you are interested in testing MFA on your account, select one of the optional links below for instruction.
• Test using Safari
• Test using Chrome
• Test using Firefox
Note: You will not be prompted for MFA while connected to Widener’s Internet or Wi-Fi Network while testing.