Internet Safety - Phishing
What is Phishing?
Phishing is an attempt to get you to reveal logins, passwords, account numbers and other personal information. Phishers send an email or instant message that claims to be from a business or organization that you deal with - for example, your Internet service provider (ISP), bank, credit card company, online payment service (such as PayPal), eBay, or even a government agency (such as the IRS).
Recognizing Phishing Attempts
Phishing attempts have been around for years. Recently, many attempts have targeted the St. Edward's community. You can recognize a phishing attempt by the following characteristics:
- It asks for a username and password. No one from SEU will ever ask you to provide your password via e-mail.
- The From address is bogus, for example: hlpdek@stedwards.edu
- The Reply-To address is clearly not an SEU address, for example: customercaresupportteam@info.lt
- The e-mails are also usually filled with misspellings.
Never give your password out via email to anyone--not SEU, not your bank, not your credit card company, no one! If an e-mail has a link to a site that asks you to enter your login and password, do not do it! Use the web address you know to access the site, not a link you have received in the e-mail. Many phishing attempts make use of company logos to make the site seem legitimate.
What does a phishing attempt look like?
- The e-mail message usually says that you need to "update" or "validate" your account information.
- It might threaten some dire consequence if you do not respond. It might say that you need to pay for an item on eBay or lose your account, or that someone is suspected of hacking into your account and you need to verify your information.
- The message may contain a "From" address that looks legitimate. Unfortunately, it is very easy to spoof the sender's address in an email.
- The message has logos that look just like the legitimate company logos. Phishers copy logos from the web and place them in the email.
- The message directs you to a Web site that looks just like a legitimate organization's site, but it is not. The purpose of the bogus site is to trick you into divulging your personal information so the phishers can steal it. If you very carefully hover your mouse over the web address (don't click!), you can see the full URL, which is usually very different from the real company's web address.
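The warning signs listed above (a Reply-To domain that differs from the From domain, a request for a username and password, "update" or "validate" wording, and a link whose visible address differs from its real target) can also be checked automatically, for example by a mail administrator triaging reported messages. The following Python code is an added example, not part of the original SEU page. The sample message is constructed, and the function names and indicator labels are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed sample; the two addresses are the examples quoted on this page.
SAMPLE = """From: Help Desk <hlpdek@stedwards.edu>
Reply-To: customercaresupportteam@info.lt

<p>You must validate your account. Reply with your username and password
or visit <a href="http://example.invalid/login">www.stedwards.edu</a>.</p>
"""
TEXT_SIGNS = {"asks-for-credentials": r"\b(password|username)\b",  # hypothetical
              "update-or-validate": r"\b(update|validate)\b"}      # label names

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # host part of a URL or of a bare "www.example.com" string
    m = re.match(r"(?:https?://)?([^/:\s]+)", url.strip(), re.I)
    return m.group(1).lower() if m else ""
def domain_of(header):  # domain of the address in a From/Reply-To header
    return parseaddr(header)[1].rpartition("@")[2].lower()

def phishing_indicators(raw):
    msg = message_from_string(raw)
    body, found = msg.get_payload(), []
    reply_dom = domain_of(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != domain_of(msg.get("From", "")):
        found.append("reply-to-mismatch")  # heuristic: mailing lists differ too
    found += [name for name, pat in TEXT_SIGNS.items() if re.search(pat, body, re.I)]
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        # visible text looks like an address but the link goes to another host
        if "." in text and " " not in text and host_of(text) != host_of(href):
            found.append("link-text-mismatch")
    return found
```

Calling `phishing_indicators(SAMPLE)` reports all four signs. A match is a reason to look closer, not proof, since legitimate mail can also set a different Reply-To address.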
How should you respond to a phishing attempt?
If you get an email or instant message that asks for personal or financial information:
- Do not click on the link in the message. Legitimate companies do not ask for this information via email.
- If you are concerned about your account, contact the organization in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company's correct Web address. In any case, do not cut and paste the link in the message.
- Do not reply to "phishing" e-mails.
General E-Mail Safety Tips
- Be suspicious of email attachments from unknown sources.
- Don't use the links in an email to get to any web page if you suspect the message might not be authentic. Instead, call the company on the telephone, or log onto the website directly by typing the Web address into your browser.
- Verify that attachments have been sent by the author of the email. Newer viruses can send email messages that appear to be from people you know. This is known as "spoofing" a sender's address.
- Do not set your email program to "auto-run" attachments. In Eudora, leave "Warn me when I launch a program from a message" checked in Tools/Options/Extra Warnings, and leave "Allow executables in HTML content" unchecked in Tools/Options/Viewing Mail.
- Download all Microsoft security updates.
- Update your anti-virus protection weekly.