Internet Safety - Phishing
Complete the phishing quiz and see if you will take the phishers bait!
What is Phishing?
Phishing is an attempt to get you to reveal logins, passwords, account numbers and other personal information. Phishers send an e-mail or instant message that claims to be from a business or organization that you deal with - for example, your Internet service provider (ISP), bank, credit card company, online payment service (such as PayPal), eBay, or even a government agency (such as the IRS).
Recognizing Phishing Attempts
Phishing attempts have been around for years. Recently many attempts have targeted the St. Edward's community. You can recognize it as a phishing attempt because of the following characteristics:
- It asks for a username and password. No one from SEU will ever ask you to provide your password via e-mail.
- The From address is bogus: for example: "firstname.lastname@example.org"
- The Reply-To address is clearly not a SEU address: for example: "email@example.com"
- The e-mails may have frequent misspellings.
Never give your password out via e-mail to anyone--not SEU, not your bank, not your credit card company, no one! If an e-mail has a link to a site that asks you to enter your login and password, do not do it! Use the web address you know to access the site, not a link you have received in the e-mail. Many phishing attempts make use of company logos to make the site seem legitimate.
What happens when you reply to a phishing attempt?
Once compromised, your e-mail account will be used to send spam to thousands of people. When that happens, St. Edward's e-mail domain becomes suspected of being a source of spam which can lead to all stedwards.edu accounts being blocked by other e-mail providers.
If you answer a phishing email to your St. Edward's email account your email account will be blocked. You will not be able to log in and check email until you do the following:
- Reset your password in EdWeb
- Come into the Computer Help Desk in Moody Hall 309 for phishing training
- After resetting your password, check your settings in Zimbra Webmail to make sure return address information was not changed by the phisher.
What does a phishing attempt look like?
- The e-mail message usually says that you need to "update" or "validate" your account information.
- It might threaten some dire consequence if you do not respond. It might say you need to pay for an item on eBay or lose your account or that someone is suspected of hacking into your account and you need to verify your information.
- The message may contain a "From" address that looks legitimate. Unfortunately, it is very easy to spoof the sender's address in an e-mail.
- The message has logos that look just like the legitimate company logos. Phishers copy logos from the web and place it in the e-mail.
- The message directs you to a Web site that looks just like a legitimate organization's site, but it is not. The purpose of the bogus site is to trick you into divulging your personal information so the phishers can steal your personal information. If you very carefully hover your mouse over the web address (don't click!) you can see the full URL which is usually very different from the real company's web address.
General E-Mail Safety Tips
- Be suspicious of e-mail attachments from unknown sources.
- Don't use the links in an e-mail to get to any web page, if you suspect the message might not be authentic. Instead, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser.
- Verify that attachments have been sent by the author of the e-mail. Newer viruses can send e-mail messages that appear to be from people you know. This is known as "spoofing" a sender's address.
- Do not set your e-mail program to "auto-run" attachments. In Eudora leave "Warn me when I Launch a program from a message" checked in Tools/Options/Extra Warnings. Leave "Allow executables in HTML content" unchecked in Tools/Options/Viewing Mail.
- Obtain all Microsoft security updates.
- Update your anti-virus protection weekly.
How should you respond to a phishing attempt?
If you get an e-mail or instant message that asks for personal or financial information:
- Do not click on the link in the message. Legitimate companies do not ask for this information via e-mail.
- If you are concerned about your account, contact the organization in the e-mail using a telephone number you know to be genuine, or open a new Internet browser session and type in the company's correct Web address. In any case, do not cut and paste the link in the message.
- Do not reply to "phishing" e-mails.
Don't respond in any way to these e-mails. If you are not sure if something is a phishing attempt, forward it to the help desk and they will check it out.