Protecting Yourself From Phishing
What is Phishing?
Phishing is the practice of sending out mass emails that are fraudulent in nature. These emails masquerade as legitimate emails from credible institutions stating they are having some type of issue, and request that you reply with your confidential information to comply. It is called phishing because they are "fishing" for information and hoping that someone will "bite" by sending them their confidential information.
How Does Phishing Occur?
You may receive emails or phone calls asking for your confidential information. Normally, these individuals will pretend to be working for legitimate companies such as eBay.com or Amazon.com, or institutions such as banks, insurance companies, etc. They will state things like "We are having issues with our computers, and we need you to verify your personal information" or "We have noticed suspicious activity on your account". They will then ask you for your confidential information such as bank account numbers, social security numbers, credit card information, passwords, etc. Other methods used are "You have won the lottery drawing!" or that they are from the IRS and you will be receiving a refund.
What Should I Be Aware Of When Receiving A Suspicious Email?
Look for the following clues: misspelled words, unprofessional tone, bad grammar, or other problems with the content. Other things to look for: they are asking you to verify your confidential information, will hold you liable if you don't respond, telling you that the account will be closed if you don't respond, etc. All these are signs of a phishing message.
What Do I Do If I Get A Phishing Message?
Report and forward the original email to the Information Security Office at firstname.lastname@example.org. Do not reply to the sender of the email.
What Do I Do If I Am Unsure About A Fraudulent Email Message?
Following these steps to minimize your chances of becoming a victim of fraud:
- Do not click on any links listed within the email message.
- Do not open any attachments included in the email.
- Forward the email message to The Information Security Office.
- Review your credit card and bank statements, and your bills, for unauthorized charges or withdrawals.
- Never enter personal information using a pop-up screen. Legitimate companies will provide secure web forms for you to fill out.
How Can I Protect Myself From Phishing Messages?
Install phishing filters on your email and web browsers. The filters will not keep out all phishing email messages, but should reduce the amount that you receive in your email account.
Are There Other Phishing Attacks That I Should Be Aware Of?
Spear Phishing: This is a focused attack, directed at a small, targeted group of people. For example, if a "phisher" has access to a list of bank customers, the phishing messages will be directed towards them specifically.
Pharming: These messages include an attachment that may contain a virus. If the virus is installed on your computer, it can do a variety of harmful things, such as opening a back door to your computer. Hackers will then be able to get into your computer and obtain your personal information without your knowledge. The computer can also be turned into a "zombie" which may then send out more phishing messages or attach to other computers. Hackers can also install a keyboard logger that will capture every keystroke you make to obtain your user ID's, passwords, credit card numbers, bank account numbers, etc.
The majority of people do not fall for phishing attacks, but it only takes a small percentage of users to make the perpetrators wealthy.