Information Security

InfoSec Overview

How to Recognize "Phishing" Scams

Phishing is a type of social engineering attack often used to steal sensitive information by pretending to be a trustworthy source. Phishing can be done through email, by phone or even in person, with the intention of tricking an individual into giving up confidential information such as login credentials (passwords), Social Security numbers, credit card data, protected health information, etc. Please see this video for more information: How to Avoid Social Engineering Scams

Most phishing emails are designed to obtain your user credentials by linking you to a landing page asking for a username and password. Phishing emails can also load malware onto your computer in the form of an "attachment".

Important! You should never give out your account info, passwords, credit card numbers, bank account numbers, birthdate, Social Security number, or other sensitive information to a site you were directed to by an email message, nor should you ever send this information via email. Always be suspicious if you receive an email requesting that you do so. When in doubt, you should contact the Help Desk or InfoSec for advice. Here are a few points to consider when trying to recognize a phishing attempt:

  1. Tone – Does the message use a threatening tone, such as warning of "account deletion" if you do not respond immediately? Malicious actors will often play on our feelings by stressing a sense of urgency for a response.
  2. Structure – Does the greeting of the message identify you by name? Or is it a general greeting such as "Dear Customer"? Is it awkwardly worded? Be especially cautious if your name is not used in the email.
  3. Odd Request – Does the sender appear to be a colleague or someone in authority asking for an urgent response or a favor that doesn't quite make sense? Be on the lookout for unexpected requests that appear to come from someone you know. Oftentimes, upon closer review of the sender's name, you will see a fake email address instead. It's always good practice to contact the sender directly by phone or email (never reply to the suspicious message) to verify whether the message is legitimate.
  4. Suspicious Attachment – Be skeptical of any email with an attachment that you weren't expecting, especially if the message requests your login credentials or asks you to click a link to proceed.
  5. Think Before You Click – Hover your mouse over the link (without clicking it) to see where it would take you. You may discover that the web address (URL) is different from what is shown in the message. Please don't underestimate your instincts. If something feels suspicious, it probably is. When in doubt, throw it out!

    Forward any suspicious emails to infosec@artic.edu or contact Chris Johnson, Director of Information Security at cjohnson@artic.edu / 312-499-4031 with any questions.

    Security Tip: When purchasing and banking online, you should always go to the site first on your own by typing in the URL, e.g. www.amazon.com, and make sure that the site is "secure" before you provide sensitive information. This is easy to tell by the "lock" icon on your browser window and the "https" (the "s" added to the end of http) in the address location bar.

Google Workspace Protection

The most significant thing to know about our email protection is that all incoming and outgoing artic.edu messages are checked for viruses and for certain types of files that are prohibited from being sent or received. This service provides added protection against email-borne computer viruses passing through the Art Institute's email system, but doesn't replace virus protection programs already installed on your computer.

This does NOT mean that it's now impossible for your computer to be affected by a computer virus. Malicious people who write computer viruses are always trying to circumvent the technologies that protect you. You should be careful about opening documents or following links sent by people you don't know, or sent unexpectedly by people you do know. Act wisely.

Email - Prohibited Files

For improved protection from malicious programs, certain file types are not permitted to pass through the AIC email system, regardless of whether they are attached to email messages or archived (zipped, tar, etc.). Remember, always use caution when opening attachments that you receive via email. If you don't recognize the sender, you shouldn't open any attached files. If you weren't expecting an attached file from a sender you do know, verify that the sender did in fact intend to send you the file.