Phishing is a type of deception designed to steal your identity. In a phishing scam, a malicious person tries to get information like credit card numbers, passwords, account information, or other personal information from you by convincing you to give it to them under false pretenses. Phishing schemes usually come via spam, email, or pop-up windows.
A phishing scam begins with a malicious user who sends out millions of fraudulent email messages that appear to come from popular websites or from sites that you trust, like your bank or credit card company. The email messages and websites they often send look official enough that they deceive many people into believing that they are legitimate. Believing that these emails are legitimate, unsuspecting people too often respond to the email's requests for their credit card numbers, passwords, account information, or other personal information.
A scam artist might put a link in a fake email that appears to go to the legitimate website, but actually takes you to a scam site or even a pop-up window that looks exactly like the official site. These copies are often called spoofed websites. Once you are at one of these spoofed sites or pop-up windows, you might unwittingly enter even more personal information that will be transmitted directly to the person who created the spoofed site. That person can then use this information to purchase goods, apply for a new credit card, or steal your identity.
Never respond to requests for personal information via email - Legitimate organizations will never ask for passwords, credit card numbers, or other personal information in an email. If you do receive an email requesting this kind of information, DO NOT RESPOND, DO NOT REPLY, DO NOT CLICK ON LINKS OR IMAGES, and DO NOT OPEN ANY ATTACHMENTS with the message. If you think the email is legitimate, contact the company by phone or through their website to confirm. See (#2) for the best ways to get a website if you think you've been targeted by a phishing scam.
You can get more information about phishing and see some example messages at Microsoft Safety & Security Center. You can also see actual phishing examples sent to PennWest University.
Visit websites by typing the URL into your address bar - If you suspect that an email from your credit card company, bank, online payment service, or other websites you do business with is not legitimate, do not follow the links to the website from an email message. Those links may take you to a spoofed site that might send all the information you enter to the scam artist who created the site.
Classic examples are phishing emails that claim to come from eBay or PayPal. Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net). So beware of IMITATION WEBSITES!
Check to make sure the website is using encryption - If you can't trust a website by the address bar, how do you know it's likely to be secure? There are a few different ways. First, before you enter any personal information, check to see if the website uses encryption to transmit your personal information. In Internet Explorer you can do this by checking the yellow lock icon on the status bar. If the lock is closed, then the site uses encryption. This symbol signifies that the website uses encryption to help protect any sensitive personal information, credit card number, payment details that you enter.
Double-click the lock icon to display the security certificate for the site. The name following Issued to: should match the site you are on. If the name differs, you may be on a spoofed site. If you are not sure whether a certificate is legitimate, don't enter any personal information. Play it safe and leave the website.
Routinely review your credit card and bank statements - Review credit card and bank statements as soon as you receive them to check for unauthorized charges.
Report suspected abuses of your personal information to the proper authorities - If you feel you have been a victim of a phishing scam, you should immediately report the scam to the company that's being spoofed. If you are unsure how to contact the company, visit the company's website to get the correct contact information. The company may have a special email address to report such abuse. Remember not to follow any links in the phishing email you received. You should type the known website address for the company directly into the address bar in your internet browser.
Use anti-virus software and maintain security settings on your computer - See the Safe Computing - Protect Your PC for additional details.
The following screen captures are from example Phishing emails. The red flag icons display warnings that each message was a scam.
Example 1: OneDrive
Example 3: Current Events Scam
Example 4: Social Media Notification Scam
TO CREATE AND MAINTAIN A SAFE COMPUTING ENVIRONMENT ON YOUR PERSONAL COMPUTER, BE SURE TO...
Update your Operating System
Note: the information provided here was developed to assist home users with personally owned computers.
Protect your personal information, prevent identify theft, and secure your computer and data...follow these Safe Computing practices...
Please note that PennWest University will NEVER ask you to send or verify your password information via email! We are continuing to receive reports about password scam attempts being sent to PennWest accounts. You should NEVER provide your password or other sensitive information to someone via email. If in doubt, use caution and DO NOT REPLY. DO NOT OPEN ATTACHMENTS, and DO NOT FOLLOW LINKS IN A SUSPICIOUS MESSAGE.
Please protect your personal information - be suspicious when you receive unsolicited emails or phone calls. Watch out for emails claiming to be from universities, retailers, banks, or government agencies that threaten to close accounts or require you to "confirm" personal information.
Passwords are the key to accessing many services. Passwords are one of the most important fundamental safeguards to protecting your information. Unfortunately, passwords are also one of the top reasons for security compromises due to the selection of weak passwords or the careless disclosure of password details.
Here are some important password practices:
Please see the following sources for tips and additional information on creating effective passwords:
Mobile devices, like smart phones, tablets, iPads, laptops, and netbook computers allow us to stay connected when we are "on the go". Here are a few tips for using your mobile device safely.
Texting and SPAM - Just like you need to use email responsibly, you should also protect your cell phone number. Spammers, identity thieves, predators and cyber bullies also use cell phone text messages to inflict harm.
Scammers will try to get you to go to websites that look legitimate, but are actually traps. You should always verify the authenticity of the websites you visit, particularly banking and credit card websites.
Tips to Prevent Identity Theft
The time between Thanksgiving and Christmas is the biggest shopping season of the year. As we enter the holiday season, we would like to remind everyone to take additional precautions against identity theft.
Here are some tips for keeping your credit card, account, and identity secure during the holiday season:
During a transaction keep an eye on your credit card and get it back as quickly as possible. Double swiping of credit cards into a 2nd device that makes a copy is a prevalent way of stealing card info.
Using an ATM?
Stick to sites that have a trustworthy reputation.
Look for Safety Symbols to assure only you and the merchant can view your payment data. Safety symbols include:
Make sure that your computer has a firewall installed and run up-to-date anti-virus and anti-spyware software.
Keep your computer current with the latest operating system and web browser updates and patches.
Create strong passwords for sites.
Never respond to suspicious emails or click on links inside suspicious messages. If an offer sounds too good to be true, it probably is.
Do not reply to an email, text, or pop-up that asks for personal or financial information.
Never email your credit card number to anyone.
Report lost or stolen credit cards immediately. Many companies have toll-free numbers and 24-hour service to deal with such emergencies. Sign the new or replacement card as soon as you receive it.
Verify a source before sharing information. Do not give out personal information on the phone, through the mail, or on the Internet unless you have initiated the contact and are sure you know with whom you are dealing.