Beware of Phishing Scams

Phishing Explained

Phishing scams are fraudulent e-mail messages appearing to come from legitimate sources like your bank, your Internet Service Provider, eBay, or PayPal. These messages may direct you to a fake web site and ask you for private information (e.g., password, credit card, or other account updates). Legitimate companies will never ask you to provide your user name, password, or bank account information in an e-mail message.

Warning Signs

There are often signs that can tip you off that a message may not be what it appears. The hints below can help you avoid "taking the bait."

  • Urgent Language - Phishing attempts often use language meant to alarm. They contain threats, urging you to take immediate action.  "You MUST click on the link below or your account will be canceled."
  • The Greeting - If the message doesn't specifically address you by name, be wary.   Fake messages use general greetings like "Dear eBay Member," "Attention Citibank Customer," or no greeting at all.
  • URLs Don’t Match - Place your mouse over the link in the e-mail message.  If the URL displayed in the window of your browser is not exactly the same as the text of the link provided in the message, run.  It’s probably a fake.   Sometimes the URLs do match and the URL is still a fake.  The addresses of websites that request secure information should begin with "https://".
  • Avoid the Obvious - "Official" messages that contain misspellings, poor grammar and/or punctuation errors are dead giveaways – assume those are fake.  And, of course, if you don’t have a Wachovia credit card, for example, don’t respond to a request for information for card holders!
  • Request for Personal Information - If an e-mail message asks you to provide your user name, password, or bank account information by completing a form or clicking on a link within an e-mail message, don’t do it.   Legitimate companies will never ask you to provide that kind of information in an e-mail message.  Most legitimate messages will offer you an alternate way to respond, such as a phone number.

Can you spot a phishing e-mail? Take this short quiz to find out.

How to Avoid Them

To avoid phishing scams, never click the links provided within these types of e-mail messages. If you feel the message may be legitimate, go directly to the company's web site by typing it in your browser or contact the company by phone to see if you really do need to take the action described in the e-mail message. Delete the e-mail message from your Inbox, and then empty it from the deleted items folder to avoid accidentally accessing the fraudulent web sites it contains.

Use a Phishing Filter

If you use Internet Explorer as an internet browser, you should enable the Phishing Filter. This feature enables a portion of the web browser to change colors to signify that the page you're on is a known phishing site. Read more about it here: http://www.microsoft.com/protect/products/yourself/phishingfilter.mspx

Firefox has a similar feature. To turn on this feature, go to: Tools > Options > Security. Check Block Reported Attack Sites and Block Web Forgeries.

If you do fall victim, tips for damage control are available on the OIT Security Center.

Links and References

For avoidance tips, more info and examples try these sites:

Reporting Phishing Attempts

You can report these phishing scam attempts to the company that's being spoofed.

Follow us on Twitter & check back next week for tips on avoiding phishing attempts!