Workday Profile: Protect Yourself from Phishing & Smishing Attacks

February 4, 2025

 

Dear Howard University Community, 
 
As part of our ongoing efforts to maintain a secure and effective network environment, we would like to bring to your attention the increasing sophistication of phishing and smishing attacks. Bad actors are continually enhancing their methods, which makes it even more important for you to stay vigilant. Please be cautious when clicking on links or sharing personal information, especially if you receive unsolicited emails or text messages.
 
Here is how you can help
We ask that you take a moment to verify the information in your Workday profile. Specifically, ensuring your personal email address and up-to-date phone number are correctly added is critical for effective communication in the event of urgent notifications or account-related matters. It is also essential for protecting yourself from security threats and helps ensure you receive important cybersecurity alerts and account recovery assistance.
 
What is Phishing?
Phishing is a type of cyber-attack in which attackers use email communications to deceive individuals into providing sensitive information, such as usernames, passwords, credit card numbers, or other personal data.
 
How can I identify a Phishing attack?

  • Sender's address - Check the sender's email address carefully. Phishers often use addresses that look similar to legitimate ones but with slight variations.
  • Greeting - Phishing emails might use generic greetings like "Dear Customer" instead of your name.
  • Language and grammar - Be wary of emails with poor grammar, spelling mistakes, or awkward language.
  • Links and attachments - Hover over links to see the actual URL before clicking. Avoid downloading attachments from unknown or suspicious emails.
  • Urgency and threats - Be cautious of emails that create a sense of urgency or fear, prompting immediate action (e.g., "Your account will be locked 24 hours").
  • Unusual requests - Legitimate organizations typically won't ask for sensitive information (like passwords, social security numbers, or credit card details) via email.
  • Offers too good to be true - Be skeptical of unexpected offers, prizes, or deals that seem too good to be true.

 
What is Smishing?
Smishing, short for "SMS phishing," is a type of cyber-attack where attackers use text messages to deceive individuals into providing sensitive information, such as login credentials, personal identification numbers (PINs), credit card numbers, or other personal data.
 
How can I identify a Smishing attack?

  • Unknown numbers - Be wary of messages from unknown or unrecognized phone numbers.
  • Spoofed numbers - Smishers can spoof numbers to make them look like they are from legitimate sources. Always verify if the number is authentic.
  • Urgency and threats - Be cautious of messages that create a sense of urgency, such as "Your account will be locked if you don't respond immediately."
  • Unusual requests - Legitimate organizations typically don't send SMS messages asking for sensitive information (like passwords or credit card details).
  • Suspicious offers - Be skeptical of unexpected offers, prizes, or deals that seem too good to be true.
  • Shortened URLs - Be cautious with shortened URLs as they can obscure the destination. If you must check the link, use a URL expander tool.
  • Attachments - Avoid downloading attachments from unknown or suspicious sources. They could contain malware.

 
Our Service Desk team will be available to address any issues or provide assistance. Please feel free to contact the Service Desk at huhelpdesk@howard.edu for support. Thank you for your continued support in protecting the University's digital environment for all users.
 
In Truth and Service,

Enterprise Technology Services

Categories

Tech Tuesdays