Each week a different area of cybersecurity will be highlighted and different tips
will be given to keep you, your computer, your data, and your identity safer.

Can you identify the phishing scams?

Beware of the Phishing Scam

Press Play to Watch the Video
Get Flash Player

What are phishing scams & how can I avoid them?

Phishing Explained

Phishing scams are typically fraudulent e-mail messages appearing to come from legitimate sources like your bank, your Internet Service Provider, eBay, or PayPal, for example. These messages usually direct you to a fake web site and ask you for private information (e.g., password, credit card, or other account updates). The perpetrators then use this private information to commit identity theft.

Warning Signs

There are often signs that can tip you off that a message may not be what it appears. The hints below can help you avoid "taking the bait."

  • Urgent Language - Phishing attempts often use language meant to alarm. They contain threats, urging you to take immediate action.  “You MUST click on the link below or your account will be canceled.”
  • The Greeting - If the message doesn't specifically address you by name, be wary.   Fake messages use general greetings like “Dear eBay Member” or “Attention Citibank Customer” or no greeting at all.
  • URLs Don’t Match - Place your mouse over the link in the e-mail message.  If the URL displayed in the window of your browser is not exactly the same as the text of the link provided in the message, run.  It’s probably a fake.   Sometimes the URLs do match and the URL is still a fake.  Before you click, look for other clues in the message like the use of a secure connection (SSL – https://).
  • Avoid the Obvious- “Official” messages that contain misspellings, poor grammar and/or punctuation errors are dead-giveaways – assume those are fake.  And, of course, if you don’t have a Wachovia credit card, for example, don’t respond to a request for information for card holders!
  • Request for Personal Information - If an e-mail message asks you to provide your user name, password, or bank account information by completing a form or clicking on a link within an e-mail message, don’t do it.   Legitimate companies will never ask you to provide that kind of information in an e-mail message.  Most legitimate messages will offer you an alternate way to respond like a phone number.

Can you spot a phishing e-mail? Take this short quiz to find out.

How to avoid them

To avoid phishing scams, never click the links provided within these types of e-mail messages. If you feel the message may be legitimate, go directly to the company's web site by typing it in your browser or contact the company by phone to see if you really do need to take the action described in the e-mail message. Delete the e-mail message from your Inbox, and then empty it from the deleted items folder to avoid accidentally accessing the fraudulent web sites it contains.

Use the Microsoft Phishing Filter

If you use Internet Explorer as an internet browser you should enable the Phishing Filter. This feature enables a portion of the web browser to change colors to signify that the page you're on is a known phishing site. Read more about it here: http://www.microsoft.com/protect/products/yourself/phishingfilter.mspx

If you do fall victim, tips for damage control are available on the OIT Security Center

Links and References

For avoidance tips, more info and examples try these sites:

Reporting phishing attempts

You can report these phishing scam attempts to the company that's being spoofed.

Check back next week for tips on keeping safe when using social networking sites like Facebook and MySpace!

Beware the Phishing Scam Cover Yourself No Excuses: Illegal Downloading is Stealing Secure Your Laptops & Cell Phones