Published on Oct. 1, 2024

Updated on Oct. 7, 2024

October may be known as the month of spooks and scares, but during Cybersecurity Month, it’s also a time to take steps to keep scammers from tricking you into giving up access to private information.  

The University of Missouri Division of IT employs sophisticated email security measures to keep most phishing attempts from ever reaching your inbox. But like the most persistent Halloween pranksters, scammers are using increasingly complex methods to trick users. 

This Cybersecurity Month, Matthew Reedy, security analyst with the MU Division of IT, recommends these six steps to keep the tricksters at bay and protect your inbox from potential phishing attempts: 

1. Watch for banners on emails sent from outside users. The most effective way to spot a potential phishing attempt is to keep an eye out for the warning banner on messages sent from an external sender, Reedy said. “WARNING: This message has originated from an External Source. This may be a phishing expedition that can result in unauthorized access to our IT System. Please use proper judgment and caution when opening attachments, clicking links, or responding to this email.” Keep in mind that the banner is just one indicator and doesn’t guarantee that an email is malicious.   

2. Be wary of emails sent after hours. “While phishing attempts can occur at any time of the day, we see an uptick in phishing attempts in the early morning and early evening hours,” Reedy said. “If you check your inbox first thing in the morning, be mindful of external emails you received overnight.”  

3. Use the Microsoft Authenticator app: Multi-Factor Authentication (MFA) provides an additional layer of protection on top of your existing username and password. With MFA, a second factor, such as code sent to your smartphone, is needed to successfully log in. Instead of having a text message sent to your cell phone, use the Microsoft Authenticator app for enhanced security.    

4. Use the Outlook mobile app to check email on your phone. Adding your university email to your device’s built-in email app limits functionality for reporting phishing attempts. The Outlook app has a built-in reporting feature that makes it easier to report suspicious emails. See these instructions to set up the Outlook app on your device.  

5. Be skeptical of emails with rushed requests: Beware of email requiring immediate attention and demanding personal information or account information. Other suspicious indicators include spelling/grammatical mistakes, an overall generic tone and an ambiguous website link. The university will never call or text and ask for your password or your Multi-Factor Authentication codes. 

6. Check the sender. “Phishing attempts may try to use the name of a well-known figure or university leader to get your attention and trick you into clicking on links in the email,” Reedy said. Before clicking any links or opening any attachments, check the email address of the sender. If the address does not correspond with the sender’s name or organization, it’s possible this is a phishing attempt. When in doubt, you can start a new email to the content or call them to confirm if the email is legitimate.  
    

Find more information security tips, including what to do if you think you’ve been phished and how to report a suspicious email, at the InfoSec webpage.  

Related article:

Received a strange text? Be vigilant against ‘smishing’