- To report a phishing email or if you have a question about the authenticity of an email, please forward a copy of it to firstname.lastname@example.org.
Phishing, Scams, Adware, Spyware
Phishing and other scams are serious business. If you fall for an online scam, you risk exposing your personal or financial information and could cause the University's online services to be blacklisted. Read on for information on how to protect yourself.
What do the words mean?
- Adware is software that has been installed on your computer by a remote site and continues to generate advertising even when you are not running the originally desired program.
- Phishing is email fraud where the perpetrator sends out legitimate-looking emails that appear to come from well-known and trustworthy websites in an attempt to gather personal and financial information from the recipient. UMass Boston users are kept up-to-date about such attempts. A phishing expedition, like the fishing expedition it's named for, is a speculative venture: the phisher puts out the lure hoping to fool at least a few of the prey that encounter the bait.
- Spam is unsolicited email on the Internet. Spam is roughly equivalent to unsolicited telephone marketing calls, except that the user pays for part of the message since everyone shares the cost of maintaining the Internet. UMass Boston’s constantly updated spam filter blocks most junk mail.
- Spyware is a general term for a program that surreptitiously monitors your actions.
Phishing activities are on the rise. According to the recent Phishing Activity Trends Report from the Anti-Phishing Working Group (APWG), the total number of unique phishing reports submitted to APWG in January 2008 was 29,284, an increase of over 3,600 reports from the previous month. Almost every day, newspapers, blogs and RSS feeds carry the sad tales of lost identities and pilfered life savings.
What is Phishing?
According to the APWG:
"Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials.
Social-engineering schemes use 'spoofed' emails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers. Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond.
Technical subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using Trojan keylogger spyware. Pharming crimeware misdirects users to fraudulent sites or proxy servers, typically through DNS hijacking or poisoning."
How to Protect Yourself
You can improve your odds of avoiding the headaches associated with phishing by following the steps listed below.
The simplest 1-2-3 advice is: 1. Be wary 2. Stay vigilant 3. Use common sense. For a few specifics, follow this APWG list of tips to prevent being hooked by a phishing attempt:
- Be suspicious of any email with urgent requests for personal financial information.
- Don't use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don't know the sender or user's handle.
- Avoid filling out forms in email messages that ask for personal financial information.
- Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser.
- Remember not all scam sites will try to show the "https://" and/or the security lock. Get in the habit of looking at the address line, too. Were you directed to PayPal? Does the address line display something different like "http://www.gotyouscammed.com/paypal/login.htm"? Be aware of where you are going.
- Consider installing a web browser tool bar to help protect you from known fraudulent websites. These tool bars match where you are going with lists of known phisher websites and will alert you.
- Regularly log into your online accounts.
- Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate.
- Ensure that your browser is up to date and security patches are applied.
- Report "phishing" or “spoofed” emails to the ITSD Service Desk.
- Get Department of Defense certified in the next 10 minutes - free
Read the full article Consumer Advice: How to Avoid Phishing Scams for more details. See also the FTC Consumer Alert: How Not to Get Hooked by a 'Phishing' Scam.
Sharpen and Test Your Skills
There are several excellent tutorials to help you spot phishing attempts and learn how to avoid them, and quizzes to test your awareness of various phishing tactics. You may wish to check out one or more of the resources listed here.
Tips, Tutorials & Videos
- Phishing vs. Pharming video (ZDNet)
- Tips to avoid phishing scam (from "LooksTooGoodToBeTrue.com")
- AT&T Online Tutorial
- What you should know about phishing scams (Microsoft)
- Overview of Phishing Scams
- Spotting a Phishing Scam in Your Email
- 10 Tips to Combat Phishing (from Panda Software)