What is Phishing? Webopedia™ (www.webopedia.com) offers the following definition:
Pronounced “fishing” [it is] the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.
Variants of the spam-borne phishing scam, also referred to as “carding” or “brand spoofing,” are on the rise despite increased public awareness. In the past, fraudulent e-mails appearing to be from eBay, PayPal, AOL, MSN, Citibank, and other highly recognized and legitimate online organizations have shown up in inboxes worldwide, warning that a person’s account may be disabled unless he or she provides or updates his or her account information. Many individuals continue to be scammed by these e-mails, which look very authentic and often include a recognizable format and corporate logo from the actual organization.
As phishing e-mails increase and as their perpetrators use ever more deceptive methods, it is necessary for individuals to determine whether an e-mail or website is legitimate. Following are a few tips to help you avoid being “taken in” by an e-mail scam:
- Even before e-mail phishing became so popular and widespread, legitimate online businesses and institutions would rarely ask you to send personal information via e-mail. If you get an e-mail asking for this information or warning you that your account is going to be disabled unless you respond with your personal information, do not reply or click on any links within the e-mail. Contact the real company directly by phone or using an e-mail address you know to be legitimate to enquire about the notice.
- Look for misspellings and language errors in the e-mail. Though a single error may be an honest mistake, more than one should alert you to a possible scam.
- When it is necessary to provide personal information through a website, verify that the site is secure – look for the “lock” icon in your browser’s lower status bar. If there is no lock icon, or if the icon is shown as unlocked, do not submit your information.
- Report suspicious activity to the Federal Trade Commission (FTC). You can send the actual spam e-mail to firstname.lastname@example.org. Additionally, if you believe you have been scammed, go to www.ftc.gov to file your complaint, then visit the FTC’s Identity Theft website at www.ftc.gov/idtheft for information on how to minimize your risk from identity theft.
The following websites provide information and tips on protecting yourself from phishing and other e-mail scams:
- "The web's dedicated anti-phishing service" maintains an index of phishing scam occurrences
- SANS Institute monthly report on identity theft and computer attacks
- Other ways to avoid e-mail scams and deal with deceptive spam
- Steps you can take to help identify and protect yourself from deceptive (spoofed) websites and malicious hyperlinks
- List of resources for fighting phishing
- Information on forthcoming software that will warn users of suspected phishing sites
- Information source for "pharming" exploits, which attempt to redirect traffic from legitimate websites to imitation sites, potentially for phishing purposes
Users can also contact the IT Help Desk at 766-4357 (6-HELP), option 1, if they have any computer security questions or concerns. Alternatively, send an email message to Userhelp@uwyo.edu and a Help Desk representative will respond.