Phishing E-mails – What can we do?
We all get phishing scam e-mails. Cornell and Microsoft try their best to block what they can, whilst still allowing legitimate e-mails into our Inboxes. But what can we do on our end?
We can educate ourselves on how to spot a phishing e-mail or malicious website!
CCE’s Phishing 101 online course:
- Go to: https://stafflearning.cce.cornell.edu/course/view.php?id=133
- Log in with netid and password.
- Click the Green Enroll button.
Anyone at CCE can take this course at any time and you can take it at your own pace. An employee who completes the course (all four videos with quizzes) will receive a certificate upon completion.
CU Learn Intro to Phishing Awareness online course:
- Go to: https://cornell.sabacloud.com/Saba/Web_spf/NA1PRD0089/app/shared;spf-url=common%2Flearningeventdetail%2Fcurra000000000002880
- Log in with netid and password.
- Click the Blue Enroll button for each of the four sections in this program. Each section is about 5 minutes.
- SC1715-What is Phishing
- SC1716-Types of Phishing
- SC1717-Understanding URLs
- SC1718-Spotting Phishing Scams
Anyone at CCE can take this course at any time and you can take it at your own pace. An employee who completes the course (all four videos with quizzes) will receive a certificate upon completion.
Cornell IT Security Awareness Recorded Webinar
- In 2018, Kyle Szuta from Cornell IT Security gave a presentation about security awareness, with an emphasis on protecting yourself from social engineering attacks via phishing e-mails. The examples used during this presentation are many of the common ones that have been directed towards our Cornell e-mails.
- Go to: https://vod.video.cornell.edu/media/IT+Security+Awareness/1_wm1tlqxx (~47 minutes)
More phishing resources available to all staff:
- Cornell Verified Communications – This link will help you tell whether an email from Cornell is real.
https://it.cornell.edu/verified-cornell-communications - Cornell Phishbowl – You may also want to check Cornell’s list of phishing (fake) emails that have been spotted on campus.
https://it.cornell.edu/phish-bowl - Cornell – Basic Info / Spot Fraudulent Emails (Phishing)
- Avoiding Online Scams: https://vod.video.cornell.edu/media/Avoiding+Online+Scams/1_t5q3pz3o (~3 minutes)
- E-mail Phishing 101: https://it.cornell.edu/security-and-policy/spot-fraudulent-emails-phishing (~5 minutes)
- E-Safe Video: Phishing Emails (2:28 runtime): https://www.youtube.com/watch?v=gTApmz_ybus
- Additional videos on Phishing:
- What is Phishing? (3:07 runtime) https://www.youtube.com/watch?v=9TRR6lHviQc
And last but not least some email comedy (3:56 runtime) https://www.youtube.com/watch?v=dSoXEtFPTfI
If you think your computer has been compromised, follow these steps:
This compromise could be from clicking on a phishing e-mail link, going to a compromised website or maybe your computer is running slow and you are suspicious that your computer has been infected with malware.
If you need assistance, please see your local IT contact or call one of the SBN IT staff (Jenn and Christi: 585-786-2251).
- Unplug your computer from the network and make sure your computer’s Wi-Fi is turned off.
- If there is a pop up message on your computer:
- Hit Ctrl-Alt-Del and click on Task Manager
- Click on the web browser that is open and select “End Task” (which will close the pop up in the web browser)
- Run a full scan with Windows Defender.
- While the scans are running, notify your local IT contact of the situation and get assistance with going to another un-infected computer and change your NetID password at: http://netid.cornell.edu
- If the scans do find malicious software on your computer, please contact the SBN IT staff at 585-786-2251 ASAP.
- If the scans do not find anything, go ahead and plug back in your computer to the network and forward either the phishing e-mail or known compromised website address to security-services@cornell.edu and cc wsbnit@cornell.edu.