Phishing
What is Phishing? WebopediaTM (www.webopedia.com) offers the following definition:
Pronounced “fishing” [it is] the act of sending an e-mail to a
user falsely claiming to be an established legitimate enterprise
in an attempt to scam the user into surrendering private
information that will be used for identity theft. The e-mail
directs the user to visit a Web site where they are asked to
update personal information, such as passwords and credit card,
social security, and bank account numbers, that the legitimate
organization already has. The Web site, however, is bogus and
set up only to steal the user’s information.
Variants of the spam-borne phishing scam, also referred to as
“carding” or “brand spoofing,” are on the rise despite increased
public awareness. In past months, fraudulent e-mails appearing
to be from eBay, PayPal, AOL, MSN, Citibank, and other highly
recognized and legitimate online organizations have shown up in
inboxes world-wide, warning that a person’s account may be
disabled unless he or she provides or updates his or her account
information. Many individuals continue to be scammed by these
e-mails. They do look very authentic, often including a
recognizable format and corporate logo from the actual
organization.
As phishing e-mails increase and as their perpetrators use
ever-more deceptive methods, it is necessary for individuals to
determine whether an e-mail or Web site is legitimate. Following
are a few tips to help you avoid being “taken in” by an e-mail
scam:
- Even before e-mail phishing became so popular and wide-spread,
legitimate online businesses and institutions rarely would ask
you to send personal information via e-mail. If you get an
e-mail asking for this information or warning you that your
account is going to be disabled unless you respond with your
personal information, do not reply or click on any links within
the e-mail. Contact the real company directly by phone or using
an e-mail address you know to be legitimate to enquire about the
notice.
- Look for misspellings and language errors in the e-mail.
Though a single error may be an honest mistake, more than one
should alert you to a possible scam.
-
When it is necessary to provide personal information through a
Web site, verify that the site is secure – look for the “lock”
icon in your browser’s lower status bar. If there is no lock
icon, or if the icon is shown as unlocked, do not submit your
information.
- Report suspicious activity to the Federal Trade Commission
(FTC). You can send the actual spam e-mail to
uce@ftc.gov.
Additionally, if you believe you have been scammed, go to
www.ftc.gov to file your complaint, then visit the FTC’s
Identify Theft Web site at www.ftc.gov/idtheft for information
on how to minimize your risk from identity theft.
Phishing Scam Information Sources
The following Web sites provide information and tips on
protecting yourself from phishing and other e-mail scams:
Users can also contact the IT Help Desk at 766-4357 (6-HELP), option 1, if they
have any computer security questions or concerns. Alternatively, send an email message to
Userhelp@uwyo.edu and a Help Desk representative will
respond.
