If you were to look into my spam folder on some of my e-mail accounts, you might see a few of these subject lines:
“Congratulation!!! Your e-mail is a winner!”
“Respond Urgently. This information is important.”
“Your account has been accessed by an outside source, please renew your information for security purposes”
“I have millions of dollars I want to wire to you from Nigeria because of my oppressive government, please help”
“Forward this to your friends and AOL/Microsoft/Yahoo/The Sham Wow guy will give you a check…honestly”
But before you commit to act, know this, it’s a SCAM.
In the IT world, it’s called phishing because these scams are perpetrated by those who are literally fishing for your information. Your information online is an immensely valuable commodity; with it you can access personal information like banking accounts, social security numbers, and even health information. If compromised, you could put yourself at serious risk to be the next victim of identity theft.
As one friend recently told me, “Identity theft has been the biggest pain I could imagine. Sitting in line at the DMV; on the phone with my credit card companies; talking with banks… It has been a non-stop headache and I wish someone would have warned me.” All because he thought he was doing the right thing in responding to a sophisticated phishing e-mail with a few pieces of information.
Outside of identity theft, phishing hurts organizations as well. The IT department does it’s best to protect you in the virtual world by placing filters, firewalls, and security software on your e-mails to minimize phishing attempts. But those measures of security fail when a registered user gives away the security keys (aka username and password).
Don’t think it can happen to you? Guess again. Phishing scams are constantly evolving, and are becoming more and more sophisticated everyday. It is not uncommon to see identifiable markers you are familiar with: names that are in the news, organizations you trust, etc. But by following some of these guidelines, you too can avoid being the next phish in the sea.
Guidelines to avoid phishing:
o No account administration should EVER ask for you login and password.
o Always pay attention to the email address from which it came. Verify that it is a legitimate address.
o If a web address is given, don’t use it. Instead go directly to the address you know to be real. If it is a legitimate email you should be prompted for the same information when you log into your account.
o When in doubt forward the email to your Instructional Technologist or to the helpdesk for verification.
Look closely at this REAL LIFE example!