Email & Text-Based Phishing Attempts Impersonating SFCM community

Phishing messages (online, emails, text messages, even phone calls) often use social engineering to bait people into clicking on the links or responding. They tend to include names of people you work with or know in the message. They can spoof their email address, phone number, or signature.

When you receive a message:

1. If any messages are asking you to take action or respond, stop and question if it is a legitimate or expected message.

2. Verify if it came from the correct email address or phone number.

3. If you cannot determine if the message is legitimate, contact the user directly in another form (do not reply to the message).

4. And/or contact it@sfcm.edu and we can help you verify.

5. Once it is confirmed the message is malicious, report it as Spam/Phishing and block the sender's number or email address.

Resources:

FTC article on Phishing https://www.ftc.gov/business-guidance/small-businesses/cybersecurity/phishing

CISA guide on how to avoid Phishing https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks

Guide to practice Think before you click https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/phishing-program-infographic.pdf

Take a Phishing Awareness Quiz https://www.cisco.com/site/us/en/learn/topics/security/what-is-phishing.html#phishing-quiz