3:15 p.m., Oct. 21, 2010 -- Phishing is old news. The international media have warned people not to fall for phishing scams. Yet, because they are often very convincing, these scams remain one of the largest threats to cyber security, according to representatives of University of Delaware Information Technologies (IT).
The classic phishing scam arrives in your email and tries to convince you to surrender too much personal information. Five years ago, these scams would ask you to reply with your Social Security Number, date of birth, and your bank or credit card account number. Most people now know not to respond to this kind of email.
However, people still fall for one of three variations:
1. Many email phishing scams try to get you to reply to the email with the password to your account at UD or another institution. In this type of attack, phishers tell you they need your account information to fix a problem.
Solution: Never send your account password to anybody in email.
2. In another variation, the phishing email contains a link that appears to go to a real site (e.g., Facebook or your bank). The linked website appears authentic, but is set up to capture your personal information so your credentials or financial accounts can be sold on the black market.
Solution: Verify links contained in an email message before you click on them.
3. The latest variation uses fake receipts or other email from a site you might use. Last month, the University of Delaware community was warned about fake contact requests from the professional networking site LinkedIn. Recently, the UD community has also reported fake receipts that appeared to come from iTunes, Amazon.com, and PayPal. This phishing technique uses your curiosity to lead you to a link that downloads malware onto your computer. Most of this malware will harvest financial information from your future activities.
Solution: If you have no reason to expect an email receipt from a vendor, delete the email without opening it. If you have purchased something from that vendor, then examine the email carefully before deciding whether or not to respond.
Phishing schemes are expanding beyond email: Use caution following links and responding to messages in social networking sites.
The University does protect the community from many phishing scams. For example, IT staff and departmental email administrators share information on new phishing scams. This anti-phishing list allows computing staff across the campus to take prompt action: for example, blocking the sender from sending further phishing email to UD or redirecting dangerous links found in phishing email to a phishing warning page.
However, neither IT nor departmental computing professionals can block all phishing scams. Nor can UD staff block phishing email you receive off-campus. As the organizers of National Cyber Security Awareness Month have pointed out, coping with phishing scams is a responsibility we all share.
For more information on recognizing phishing email and on steps you can take to protect yourself against phishing attacks, visit the University's NCSAM website.
Editor's Note: This is the fourth article in a series in observance of NCSAM. See also “UD marks National Cyber Security Awareness Month,” “UD warned: Viruses can eat your computer alive,” and “Protect yourself against password snatchers.”