You may have received an email recently that inferred it was legitimate when in fact nothing about it seemed right. This is referred to as a “phishing” scheme, a form of identity theft. Phishing relies on social engineering, making you believe the perpetrator should be trusted. Approximately 7 percent of recipients respond to them because they successfully present themselves or their message in this manner.
This is not an unknown or isolated occurrence; reports of these messages have surfaced at universities across the country.
Phishing schemes ask people to provide their addresses, passwords, and account numbers by identifying some problem that requires an immediate response by you. The people asking for this information count on you to not examine the message or consider your response thoroughly. It is wise to be suspicious.
- Do not click on any links and do not reply.
- Forward the message to Information Security (firstname.lastname@example.org) for reporting and follow-up. Please include the full header information. Directions for getting the full headers for a variety of mail clients can be found following this link to the Helpdesk website.
- Delete the message.
- If the message could be legitimate, contact the source via another medium. For example, if you receive an email phishing message, telephone the source to confirm. Remember, banks and credit card companies never ask for your account numbers; they have them. WPI will never ask for your password.
- Keep your virus and anti-spyware software up to date.
Remember that phishing schemes seek your personal information; don’t share this information with anyone. Be aware that banks and financial institutions will not ask for confidential information from you online or via the phone, they already have it. Anyone asking for your password should arouse suspicion.
Want to test your knowledge of phishing? Play the Anti-Phishing Phil game developed by Carnegie Melon University, in conjunction with the U.S. National Science Foundation and ARO/CyLab.
Have a question? Call the CCC Helpdesk, ext. 5888
For more information regarding ID Theft or phishing, consider enrolling in the one-hour course “ID Theft, Don’t Be a Victim,” offered annually at WPI by Information Security.Maintained by itweb
Last modified: Feb 18, 2013, 09:28 EST