Phishing

Phishing is the new word in consumer online security fraud. It means convincing the consumer to provide confidential information through a website or email. The information may be used for fraud, identity theft, or other compromise. The university community has recently seen emails falsely labeled as coming from a variety of financial institutions and others, including Rutgers, attempting to convince the user to surrender private information.

September is a great month for getting started in classes and getting to know your computer. It’s also a prime month for computer fraud and identity theft. Phishing email messages targeting the Rutgers community provide a connection between you and identity theft. Phishing is a form of social engineering in which the attacker attempts to trick you into revealing private information about yourself or others by sending spoofed email that appears to be from reputable institutions. Phishing emails can provide a link to a seemingly authentic page where you are asked to log in and reveal your username, password and other personal or confidential information. These emails may also threaten to close your account (bank, email, etc.), demand money which they say you owe, or use other warnings and intimidation. The information you provide can be used to steal your identity, which would enable the attacker to drain bank accounts, open charge accounts in your name and carry out other damaging criminal activities. DELETE phishing email.

NOTE: Rutgers will NEVER request passwords or other personal information via email. Messages requesting such information are fraudulent and should be deleted.

Any email thought to have been sent by Rutgers requesting personal or confidential information should be deleted. If you have any questions about the validity of an email, call the sending institution or department directly (using their main information number), or contact the HELP Desk.

Quick hints about phishing:

1. Know the online institutions and businesses you deal with. Banks and financial institutions will not request personal information via email, as it's not secure. When an email arrives from an unknown sender, remember: it could be fraud, it's definitely spam, and it is definitely not for you. Delete it.

2. Consider the subject line of an email carefully. Citibank will never send you an email headed “_Citiibank_account_update ACT-N0W”. These messages may get through spam filters because they appear to come from a reputable source, but that doesn’t mean they are really from Citibank.

3. Understand how the institutions and businesses you deal with want to interact with you. For example, banks usually want you to access your account through a secure website, not an email link. “Phishing” mails should stand out because they don’t follow the usual rules.

4. Practice safe browsing. Open a new browser window each time you log on to a web site that displays personal information. When you are done at that site, log out and close that browser window.

5. Be sure to look for spelling and grammatical errors, especially in messages from companies you know. Phishing emails from foreign countries can be grammatically incorrect or contain misspellings, and so give themselves away as phishing attempts.

6. Don’t click on a link in an email; instead, copy and paste it into the address box. URLs can be disguised, so don’t take a suspect link at face value.

7. Never enter your personal or credit information into a form in an email (it's not encrypted). If you feel the email is legitimate, call the company or visit their web site and log in to provide the requested information.

8. Use privacy settings on social networking sites (Facebook, MySpace, Twitter, etc.). Without them, anyone can gather information about you from a variety of places to piece together an identity background.

9. Read your financial statements, credit card statements, etc. – every one, every month to ensure your charges and debits are correct. Often information obtained through phishing is not used right away. Stay vigilant and report any suspicious activity immediately.

10. Use and maintain your pop-up blocking and anti-virus software. If you have any questions, call or email your HELP Desk.

"Phishing" schemes will continue to get more sophisticated and harder to detect. A combination of technology and awareness is the key to keeping the “phishers” at bay and your identity in check.

Additional Resources

Microsoft's Answers to a few general questions about phishing scams

Short video: The Dangers of Phishing and Opening Attachments: "Bud's Misadventures"

How not to get hooked by a phishing scam

Take the Mail Frontier Phishing IQ Quiz

Anti-Phishing Phil (this'll teach you!)

Here's our own video public service announcement (PSA) as seen on RU-tv:   Alisa shows us the problem she had when she clicked on a link for Lil' Wayne concert tickets. Thanks for the warning, Alisa...also learn about the Educause/Internet2 Video Contest. Cash prizes for the winning short public service announcements (PSA) about IT security.