Dear Online Community:
Email systems have recently experienced a higher and higher volumes of successful “Phishing” attempts that have resulted in a number of compromised online accounts. As is the case with most email service providers, a lot of email accounts are frequently targeted for this type of fraud, which can often result in outright theft of identities, sensitive data or even money.
Please take a few minutes to review the following information to learn more about recognizing and avoid phishing schemes.
What is phishing?
Phishing is an attempt to acquire your personal information by masquerading as a trusted entity in an email or other electronic communication. In most cases, the “phisher” will attempt to gather one or more of the following:
- Your Username and Password
- Social Security numbers
- Credit card number(s)
- Bank account information
- Money (via mailed check or money order)
How can I identify a phishing attempt?
Phishing messages can be extremely sophisticated and convincing, but they generally have a few characteristics in common. By following these rules, you can protect yourself and the university from data and identity theft:
- If you are asked to reply to an email and include any detailed personal information in your reply, DO NOT REPLY, regardless of whom the sender claims to be. Your bank will never ask you to verify your checking account number via email; likewise, your Internet Service Providers (ISP) will never ask you to send them your password.
- If you receive a warning message (for example, from your Webmail Administrator or PayPal) that asks you to click on a link, there’s a good chance that it’s fraudulent. “Hovering” your mouse pointer over a clickable link will usually reveal the actual target address, which may not match the one that is initially visible. If that’s the case, do not click on it.
- If you click on a link in an email, ALWAYS check the address bar in your web browser to be sure you’re visiting a site that you know and trust before entering your username and password or any personal information.
- If you’re still unsure, contact the sender (by phone if possible), or your ISP Helpdesk for further assistance. NEVER trust a sender until you are completely sure it’s safe to do so.
I’ve been phished – what do I do now?
You should immediately identify what type of personal information has been compromised, and take all necessary precautions to secure that information. For example, if you respond to a phishing attempt with your username and password, then you should immediately reset your password by visiting the Password Self Service or by contacting the Online Services Helpdesk. If your bank account or credit card information becomes compromised, contact the issuing bank by phone for assistance.