IT Security Resources

What is Phishing?

Phishing is a fraudulent email-based attack disguised as a legitimate communication. The goal of the attacker is to trick the recipient into responding by clicking on a link, opening an attachment, or directly giving up account credentials, such as username and password. IT Security recommends users report suspicious emails using the Phishing Reporter button in Outlook, Office 365, and the Outlook mobile app.

To avoid falling victim to email scams, OIT recommends all employees:

• REPORT suspicious emails using the Report Phishing button located on the Outlook toolbar. IT Security will analyze the email and, if found malicious, block the threat.
  
• DO NOT CLICK ON THE LINKS IN AN EMAIL. If you have a business relationship with the sender or an account (MyMC, Amazon.com, your bank, etc.), log in to the account by using the known web address for the account, such as montgomerycollege.edu – Access MyMC.
• If you sense something strange or “phishy” about the email, pick up the phone and call the sender. Do not respond back to the sender in an email because the attacker will direct you to complete the request or download the malicious attachment.
• Never respond to any email asking for information such as your user ID, passwords, Social Security Number, birth date, or other personally identifiable information. Neither the College nor OIT will ever ask you for this information.
• Check the sending email address and name(s). If you do not know the sender or expect an email with a “shared link” or attachment, do not click on the link or open the attachment.

OIT encourages employees who need assistance in spotting a phishing email to complete (or revisit) the Data Security@MC training module “Phishing” in Workday Learning.

Report a suspicious email using the Outlook application/client
Use the Report Phishing button located on the Outlook toolbar. IT Security will analyze the email and, if found malicious, block the threat.

Report Phishing / Suspicious emails: Outlook on the Web

Montgomery College IT Security provides employees a quick and easy way to report suspicious emails using a Phishing Reporter button. The Phishing Reporter button captures the suspicious email’s metadata and submits it to IT Security for analysis. Remember – report all suspicious emails. IT Security will analyze the reported email and take action to prevent potential threats.

To access the Phishing Reporter button, click on the Apps icon in the top far-right area of the email.

Select the Phishing Reporter button within the Apps box.

Report a suspicious email using a mobile device:

Assessing the legitimacy of an email on a mobile device can be challenging due to the small viewing space and limited options to fully inspect the sending domain, attachment, and link. To report a suspicious email within the Outlook app from your mobile device:

1. Click on the three circle dots located in the top right corner of the email message.
2. This will open a window showing the Report Phishing icon.
3. Select the Report Phishing button to report.
4. Click on OK in the Report Phishing window to submit.

Having trouble with the Reporter button? Send the suspicious email as an attachment to phishtrap@montgomerycollege.edu.

What is Phishing?
Phishing is a fraudulent email-based attack disguised as a legitimate communication. The goal of the attacker is to trick the recipient into responding by clicking on a link, opening an attachment, or directly giving up account credentials, such as username and password.

How do I report a suspected phishing email?
Select the suspected phish and click on the Report Phishing button in Outlook, Office 365, and the Outlook mobile app to report.

What happens when I report a suspected phishing email using the Phishing Reporter tool in Outlook?

Once the user reports the suspected phishing email, the email is forwarded to IT Security and deleted from the user’s Inbox:

• The email is forwarded to IT Security and deleted from the user’s Inbox (a copy is placed in the user’s Deleted folder).
• The PhishMe Reporter dialog box opens with the following message:
  Click “OK” to report this email to IT Security and remove the message from your Inbox. This button is for reporting only. If you have questions about the message or have interacted with it (e.g., clicked on links, opened attachments, responded to the sender, etc.), please contact the Service Desk for further assistance.

IT Security will analyze the email:

• Legitimate emails are returned to the user.
• Malicious emails are deleted.

Is the Outlook Phishing Reporter tool available for Outlook Web Access (OWA) or the Office 365 portal?
Yes, the Phishing Reporter tool is available for the Outlook mobile app and within the Office 365 portal.

The Phishing Reporter button is not displayed by default. Add the Phishing Reporter button when using Outlook on the web. Once added, the button will be displayed for all emails in your inbox.

Note: It is best to use the Reporter tool because the original email headers are included and needed for analysis by IT Security.

Should I report suspected phish to the IT Security Desk?
No, please either use the Phishing Reporter tool or forward the suspected phish to phishtrap@montgomerycollege.edu.

What if I have questions about the email or interacted with contents of the phish?
Please contact the IT Service Desk. An IT Service Desk ticket will be opened for IT Security to address the issue.

What other phishing and security awareness education resources are available?

Basic safe computing and security awareness e-courses are available in MC Learns. Available topics include:

• Social Engineering
• Spear Phishing Awareness
• Malware
• Malware links
• Password Security
• Data Protection
• Mobile Devices
• Social Networking
• Physical Security
• Security Outside the Office
• Insider Threat

What is a PhishMe simulated phishing email?
PhishMe is a program OIT will use to randomly send simulated phishing email scenarios to College employees. The purpose is to promote user awareness on how to detect a phishing email.

What do I do if I receive a PhishMe simulated phishing email?
If you receive a simulated phish, don’t fall for the trick. Do what you would do with any suspected phish. Report the email using the Outlook Phishing Reporter tool or email phishtrap@montgomerycollege.edu.

What happens when I report the PhishMe simulated phishing email?
Once the user submits the simulated phishing email, the email is forwarded to IT Security and deleted from the user’s Inbox just like a real phishing email would be handled (a copy is placed in the user’s Deleted folder).

What happens if I don't detect the PhishMe email as a phish and click on the link?

If you click on the link in the simulated phishing email:

• You will receive a 30–60 second informational video or graphic.
• There is no penalty for not detecting the phishing email.
• The purpose of the email is to educate College employees on how to detect the tricks and dangers of phishing emails.

A strong password is your first line of defense when protecting your information. It is important to develop a password that is easy for you to remember, but not easy for someone else to guess. Developing a good password takes some thought. Review the tips and guidance on how to strengthen your passwords published by the Cybersecurity & Infrastructure Security Agency (CISA).

In addition to a strong password, MC requires Two-Factor Authentication (2FA) as an added layer of security to protect accounts. For tips and FAQs, visit the 2FA website to learn more.

Standards for a strong password:

• MyMC minimum requirement is eight characters in length; however, the longer it is, the stronger it is.
• Contains numeric characters alternating with alphabetic characters.
• Includes symbols such as: !, @, (, $, %, ^, &, *, ) and # whenever the site or system allows.
• Contains both upper and lowercase letters in alternating format.
• Does not contain any portion of your name, address, date of birth, SSN, login ID, nickname, family member names, pet name, or sports team name.
• Avoids reference to the workplace or work responsibilities such as “college1”, “Rockville”, “pa$$word”, or “c0mputer”.
• A passphrase helps create strong, easy-to-remember passwords.

An easy way to create a strong password is to use an easy-to-remember passphrase of 4–7 unrelated words.

Example:
Phrase: MooseBlueCoverWalkHayRock

Note: You can use spaces before or between words to help strengthen the password.

Guidelines for keeping passwords safe:

• Use a different password for every account.
• Use a Password Manager – it is hard to remember all these passwords!
• Never reveal or share your password.
• Never write passwords down or conceal them near a workstation.
• Change passwords periodically (at least every six months) and never reuse.
• Change passwords immediately and contact the IT Service Desk if an account or password is suspected to have been compromised.

When you are on the move and using a WiFi hotspot provided in a coffee shop, bookstore, campus, or airport, you need to be wary of hackers waiting to access your network or steal your information. Most public WiFi hotspots do not provide security protection for their users. Here are some ideas to make those hotspots safer:

Hackers are able to capture network traffic with little effort and chance of being caught. Make sure that sensitive data is encrypted during transport and not sent in clear-text. Only submit your credit card and other personal information to secure websites. How do you tell if your communications are protected (encrypted)? Web browsers use various methods to notify the user that the connection is secure, such as:

• Changing http:// to https:// by adding an “s”.
• Displaying a gold lock symbol.
• Changing the color of the address bar.
• Notifying the user that the browser session is encrypted.
• Displaying a browser alert message when a site’s security certification is invalid.

Configure your laptop to allow only connections to approved access points.

• Disable Automatic Wireless connections.
• Verify that you are connecting to the appropriate SSID.
• Disable ad-hoc capability, which allows other wireless users to connect directly to your laptop.
• Disable your wireless card when not in use.

Disable File and Printer Sharing to prevent disclosure of your shared files and to reduce the chances of your computer being compromised.

Use a personal firewall.

Use anti-virus and anti-spyware protection software.

MALWARE

There are simple steps that you can take at work and at home to ward off virus, spyware, and other malware attacks:

• While at work, do not open an email from someone you don’t recognize.
• Be very cautious with any email attachment.
• Be careful what you download.
• Make sure you have Anti-Virus software.
• Keep your Anti-Virus software and firewall up to date.

SCAREWARE

Scareware is another type of malware that has caught even experienced IT professionals off guard. The user might notice a pop-up appearing while browsing the Internet. The pop-up will indicate that a virus or other type of malware problem has been detected on the user’s PC and ask if the user wants to fix or remove the problem. Unfortunately, when the user responds, what may actually occur is that an executable virus is installed on the computer. With the virus install complete, the next step is for the offending software company whose software provided the virus to offer a solution for the virus but at a price to the user.

Once active on a computer, scareware can block attempts to update Windows or anti-virus software, prevent an anti-virus software scan, or automatically hijack a web browser. Scareware is also very difficult to remove, often immune to file deletion measures, causing the user to have to reformat the computer’s hard drive(s) and reinstall an operating system and other applications.

Although not foolproof, the following measures can help to protect against a scareware attack:

• Keep the computer’s Windows software updated.
• Use legitimate anti-virus and anti-spyware software and keep them updated.
• Don’t automatically click on an unfamiliar or suspicious pop-up. Think before you click!
• Remove any suspicious pop-up by right-clicking on the item in the taskbar at the bottom of the screen and selecting “Close” or by manually exiting the browser session using Ctrl-Alt-Delete. Avoid clicking on the exit symbol in the upper right-hand corner of the pop-up.

SPYWARE

Spyware is software that collects information from your computer as you use the Internet to visit websites. Spyware is automatically downloaded onto your computer when you visit some websites and used to track your internet activity. Spyware is known to hide in free software downloads and is sometimes known to carry viruses. You might even freely agree to accept commercial spyware when you agree to the end-user license agreement of a new downloaded program or game. What are symptoms of a spyware-laden computer?

• A barrage of pop-ups.
• A hijacked browser – you type in an address, and the browser takes you somewhere else.
• New or unexpected toolbars or icons.
• Sluggish system performance.

Install anti-spyware software to ward off this threat.