Information Security Office

Phishing and E-mail Scams

Phishing

Phishing attacks are  a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.  

What Information are Phishers After?

Phising attacks go after the following information:

  • Usernames and Passwords
  • Credit Card Numbers and CVS codes (The 3-5 digit codes on the backs of credit/debit cards)
  • ATM/Debit Card Information
  • Social Security Numbers
  • Banking Information (Account Numbers, Routing Numbers)

Never Provide any of this Information via E-mail!

  • No reputable organization or business will ever ask you for confidential information via e-mail.
  • Never respond to an e-mail from a source you are not 100% sure the sender is legit.  When in doubt call the organization or business but DO NOT use contact information found in the e-mail.
  • Always check the authenticity of a website before you provide personal information
  • Never click on a link in a suspicious e-mail because it may take you to a malicious website.
  • Always bookmark sites you do business with.
  • Phishing e-mail will often have a sense of urgency. ("Your 
       account will be closed if you don't..." etc.) They may also contain strange words, misspelled words or 
       unusual or awkward phrasing to help them avoid SPAM-filtering software.

What to do if You Were Phished

  • Report it to the Help Desk (5555)
  • If you believe your financial accounts may be compromised, contact your financial institution immediately.
  • Watch for any unauthorized charges to your account
  • Consider reporting the attack to the police, and file a report with the Federal Trade Commission or the FBI's Internet Crime Complaint Center.

Vaild Sources that are Frequently Spoofed

FINANCIAL

ONLINE SERVICES

OTHERS

  • your employer
  • help desk personnel
  • IT organization
  • vishing (Phishing via Phone)

 

What You Can DO

To keep from becoming a phishing victim follow the advice given by Anti Phishing Work Group. More anti phishing resources are available in our related links page.

 

Recognizing Scams

  • OIT will NEVER ask for your password!
  • If it sounds too good to be true, it probably is!
  • If the message does not appear to be authentic, it’s probably not. 
  • Check to see if the content of the message appears in search engine results (known scam, etc. 
  • Watch for typographical errors, bad formatting, poor grammar, etc. 
  • If the message asks you to send your information to them, rather than the other way around.  
  • If you do not have an account with the company supposedly sending the email.
  • Facebook Scams: To learn about scams on Fabcebook follow the link.

Check for Scams Online

 

More Information for Online Safety