Somebody's Fishing for a Sucker - Don't Get Reeled In!

Have you ever gotten an email that appeared to be from your bank, credit card company, Paypal, etc. asking for your account information or password? Perhaps they told you that "another address had been added to your account" and now you should "click here." If you've received one of these, then you have seen the latest abuse of email that everyone is talking about: phishing.

(Note that this is a BIGDIRTYRAT doing the phishing!)

These emails are cleverly crafted to look like they come from legitimate sources in order to trick you into revealing information about yourself that could then be used to perpetrate identity theft. Some of these messages are easy to spot but their sophistication is growing and so we must be ever and extra vigilant. Here are two examples of scary "phishing" messages that many users receive almost every day:

EXAMPLE 1
---------------------------------------------------------------------------------------------------
email example

EXAMPLE 2
---------------------------------------------------------------------------------------------------
phishing email example 2
---------------------------------------------------------------------------------------------------
What you can do to protect yourself

Be suspicious of any email with urgent requests for personal information.

Don't be fooled by emails with upsetting or exciting (but false) statements that try to get you to react immediately.

If you suspect the message might not be authentic, NEVER use the links within the email to get to a webpage.

Don't fill out forms in email messages that ask for personal financial information.

Communicate information such as credit card numbers only via a secure website or the telephone. To make sure you're on a secure Web server, check the beginning of the URL in your browser address bar. It should be "https" rather than "http". The "s" stands for secure.

Log in to your online accounts regularly, and check bank, credit and debit card statements to ensure that all transactions are legitimate.

Also, be sure to maintain up-to-date anti-virus, firewall and operating system software on your home PC.

What OET is doing


The college's email spam filtering software catches some of these emails as fraudulent based on their spam-like criteria. Note that this filtering is spam-specific (not necessarily phishing-specific) and can be eluded with subtle changes to the message. It can also slip through if you have elected to accept mail from a particular sender.

The college maintains up-to-date anti-virus software on your work PC and its email servers which will catch many of the messages that attempt to exploit your workstation as well as trick you into revealing information.

The college updates your work PC regularly, fixing many of the problems the scammers could attempt to exploit.

For more information
:

http://antiphishing.org
http://www.bbbonline.org/idtheft/phishing.asp