Handling Phishing Attempts: A Guide to Protect Yourself

It’s that time of year when LLCC sees an increase in phishing attempts.
Phishing involves fraudulent communications designed to deceive individuals into divulging sensitive information or performing actions that compromise security. Spear-phishing targets specific individuals within an organization by pretending to be someone they know or trust, such as a higher-up in the organization, to increase the chances of success.
Phishing attacks, especially those masquerading as communications from higher-ups in your organization, can be quite sophisticated and convincing. Here are some steps you can take to protect yourself and mitigate the risk:

  1. Verify the Sender’s Identity
    1. Check the Phone Number/Email Address: Compare the sender’s contact information with your organization’s directory or known contact details. Phishers often use similar but slightly altered information.
    2. Contact the Sender Directly: Use a known, trusted method (e.g., calling their direct line) to confirm if they actually sent the message.
  2. Be Skeptical of Urgent Requests
    1. Question Unusual Requests: If the message asks for sensitive information, immediate action, or unusual tasks (like transferring money), be cautious. High-ranking officials typically follow standard procedures and rarely make such requests via text message.
    2. Look for Red Flags: An incorrect or spoofed email “From” address (usually one letter different from the correct one) or a tone that doesn’t match the sender’s typical communication style can indicate a phishing attempt.
  3. Avoid Clicking on Links or Downloading Attachments
    1. Don’t Click Without Verification: Links in phishing messages often lead to fake websites designed to steal your credentials. Always verify before clicking.
    2. Beware of Attachments: These can contain malware. Only open attachments if you are expecting them and have verified the sender.
  4. Use Multifactor Authentication (MFA)
    1. Enable MFA: This adds an extra layer of security. Even if your credentials are compromised, MFA can prevent unauthorized access.
    2. Use Secure Methods: Opt for authentication apps or hardware tokens over SMS-based codes, as these are more secure.
  5. Keep Software Up to Date
    1. Regular Updates: Ensure your operating system, applications, and antivirus software are up to date. Patches often fix security vulnerabilities that attackers exploit.
    2. Automatic Updates: Enable automatic updates where possible to stay protected without manual intervention.
  6. Educate Yourself and Others
    1. Stay Informed: Keep up to date with the latest phishing tactics and scams. Awareness is a key defense.
    2. Share Knowledge: Educate your colleagues about phishing threats and how to recognize them. A well-informed team is less likely to fall victim to such attacks.
  7. Trust Your Instincts
    1. Be Cautious: If something feels off, it probably is. It’s better to double-check and be safe than to assume and be sorry.
  8. Report Suspicious Activity
    1. Notify the LLCC IT Help Desk: If the attempt is via email, report it through the “report message” button in Microsoft Outlook. This helps in tracking and mitigating threats for everyone. If you suspect a phishing attempt through texting or any other method, or if you believe you clicked on something suspicious, report it to the LLCC Help Desk by email at helpdesk@llcc.edu or by calling 217-786-2555.

By staying vigilant and following these steps, you can significantly reduce the risk of falling victim to phishing attacks. Remember, cybercriminals rely on exploiting human trust and errors, so being cautious and informed is your best defense.