Phishing is a cyber-crime where targeted individuals are contacted via email by someone posing as a legitimate institution. These emails may contain links to fake institution websites whose look and feel is identical to the legitimate one. Some of these fake websites are so well done that it’s almost impossible to tell them apart unless you look at the URL. This is all done in an effort to cheat users into providing sensitive information such as banking and credit card deals as well as passwords. This personal information is then used to access individual’s accounts and results in identity theft and financial loss.
How to detect a phishing email
Features of phishing emails:
- Luring emails: Phishing scams often include lucrative offers and eye-catching or attention-grabbing statements in the emails.
- Urgent emails: A favorite phishing tactic is to ask you to act fast because the super deals are only for a limited time. Some of them will even tell you that you have only a few minutes to respond.
- Link to another Website: When phishers send you a link to your bank’s homepage and you click on the link, you will be sent to a different phishing website which looks very much like the official website. On the site, you will be provided with spaces to enter personal information like credit card numbers, SSN, PIN, password, date of birth, and so on. Once you submit the information, the phishers gain access to this personal information which can be used to conduct online transactions, or even to submit loan applications in your name.
- Spam Mails: Use the drawbacks of current security techniques to access sensitive information. It’s not uncommon for phishers to send millions of emails at one time.
- Generic names: If the emails do not contain your name, you should be suspicious. Generally, these emails will address users as “Dear Customer” instead of using proper and valid names.
How to report a phishing email
If you receive a phishing email please forward the phishing email to firstname.lastname@example.org. Once received we will use this information to block the sender and the phishing link on campus to prevent others from accidentally following the link.
ICT has also created a location to store all reported Phishing Alerts for students, faculty and staff to view the latest and most common phishing emails making the rounds.
Though phishers are always coming up with new phishing techniques, there are anti-phishing techniques:
- Never enter financial or personal information into links provided in emails.
- Use anti-spyware software. It will scan every file which comes through the Internet to your computer and help to prevent damage to your system.
- Use firewall settings and update them regularly. Firewall protection prevents access to malicious files by blocking the attacks.
- Report phishing to industry groups where legal actions can be taken against fraudulent websites.
- Don’t get lured into fake deals. If verification is required, always contact the company personally before entering any details online.
- Check the address in the link. A secure website always starts with “https”.
- Check bank details regularly. Get monthly statements from your financial accounts and check all entries.