Fraudulent Email

How to Detect Phishing Attacks

Telling the difference between a legitimate email, instant message or popup and a fraudulent one is not easy.  If you receive any email or other message on your computer requesting personal information (such as an account name, password, date of birth, or social security number), please review the following information before continuing any further.

 

Always remember that Colby Information Technology Services (ITS) will NEVER request your personal information over electronic mail.  Furthermore, you should always avoid sending any personal information via electronic mail.

 

What is fraudulent or 'phishing' email?

"In computing, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay, PayPal and online banks are common targets. Phishing is typically carried out by email or instant messaging and often directs users to enter details at a website, although phone contact has also been used. Phishing is an example of social engineering techniques used to fool users. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical measures." (wikipedia.com)

 

What to do if you receive email you suspect is fraudulent?

Delete it.  These emails are generated by the same computers that bring spam to your inbox on a daily basis.  Reporting them does very little good. Never click on a link in a fraudulent email or message - it may make matters worse by introducing viruses to your computer.

 

Common methods of identifying fraudulent or 'phishing' email:

  • Claiming to be from a company or vendor that you do not have an account with
  • Spelling or grammatical errors in the subject line or text
  • Vague references in the subject line or text, such as 'RE: Your Account' or 'Dear Valued Customer' - if they know you have an account, they should know who you are
  • Requests for unnecessary or irrelevant information (such as a date of birth)
  • URL/website links within the message that point to an unnamed host (a direct IP address, e.g. http://10.42.107.92) or to a manipulated or invalid host name (the name does not match the vendor's or has been manipulated).
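
The link checks in the last item can be automated. The following Python is an added example, not part of the original Colby ITS page; the vendor domain bank.example, the sample message and the function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Matches http(s) links in plain message text.
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def is_ip_literal(host):
    """True when the host part is a bare IPv4/IPv6 address, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def under_domain(host, domain):
    """True only if host is the domain itself or a subdomain of it.
    A substring test is not enough: the vendor name can be embedded
    in a host that belongs to someone else."""
    return host == domain or host.endswith("." + domain)

def check_links(body, vendor_domain):
    """Return (url, reason) for every link that shows a link indicator."""
    vendor_domain = vendor_domain.lower()
    findings = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;:!?")  # drop sentence punctuation after the link
        try:
            host = (urlsplit(url).hostname or "").rstrip(".")
        except ValueError:
            findings.append((url, "invalid host name"))
            continue
        if is_ip_literal(host):
            findings.append((url, "direct IP address"))
        elif under_domain(host, vendor_domain):
            continue  # host really belongs to the vendor
        elif vendor_domain in host:
            findings.append((url, "manipulated host name"))
        else:
            findings.append((url, "host does not match vendor"))
    return findings

# Constructed sample message; bank.example is a placeholder vendor.
SAMPLE = """Dear Valued Customer, confirm your account at
http://10.42.107.92/login or https://bank.example.secure-login.test/verify.
Help is at https://www.bank.example/help and http://other-site.test/"""

if __name__ == "__main__":
    for url, reason in check_links(SAMPLE, "bank.example"):
        print(f"{reason}: {url}")
```

Only the host name decides the result: a link whose path or visible text mentions the vendor is still flagged when the host is not under the vendor's domain.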

Test yourself.  How well can you identify fraudulent email?

http://www.sonicwall.com/phishing/

 

Steps to take if you have responded to a phishing attempt

If you think you may have accidentally responded to a phishing attempt, make sure to immediately change any accounts or passwords that may have been compromised.  If it is a Colby account, follow the instructions here: http://www.colby.edu/administration_cs/its/support/account/pwinfo.cfm.  If it is a vendor (bank, credit card, online merchant) account, contact that vendor to have your information changed.

 

As always, if you have questions about email fraud or computer security, contact the appropriate Colby ITS support desk for assistance.  Faculty and staff may contact the Support Center at support@colby.edu or ext. 4222, and students may contact Student Computer Services at scshelp@colby.edu or ext. 4224.