Overview
"Phishing" is a technique using e-mail or similar means to deceive you into providing account numbers, passwords, credit card numbers,
or similar information that could be used to perpetrate fraud.
Often the e-mail will use actual logos, privacy statements, contact information, or other visual cues from a trusted company such
as a bank to make it look authentic. The goal is to entice you to click on a link in the e-mail without thinking, which will
take you to an authentic-looking but hostile web site to harvest your personal information.
- Recognizing a phishing scheme
- Examples
- Protecting yourself
- What to do if you responded to a phishing scheme
- More information
Recognizing a Phishing Scheme
The following can help you recognize a phishing scam:
- E-mails are typically sent to thousands of people at the same time and are not personalized. Look for cues like "Dear sir
or madam", multiple e-mail addresses in the e-mail header, etc.
- Be suspicious of any e-mail that urgently requests personal information or asks you to update existing information.
- Beware of upsetting statements like "...or your account will be disabled".
Examples
Following is an actual example of a phishing e-mail:

- Notice the use of actual Chase logos.
- Notice that your email address is not in the “To:” line of the email header. It was actually sent to many people whose addresses
are in the “BCC:” line (blind copy addresses are not viewable). Your name or account number was not included in the message
itself.
- The e-mail creates a believable story based on fears of alleged government monitoring in current events or news stories. No specific
federal law was cited.
- Think: Does the bank not already have plenty of personal information about you, including SSN for filing IRS interest income or expense
statements, address for mailing bank statements, etc.? If they wanted to verify accuracy, why would they request information
through a process using something as potentially anonymous as an e-mail address?
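The cues listed under "Recognizing a Phishing Scheme" and in the notes on the example above can be checked mechanically against a raw message. The following Python is an added example, not part of the original page; the phrase lists, the recipient threshold, the function name and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Phrase lists and threshold are illustrative assumptions based on the cues above.
GENERIC_GREETING = re.compile(r"\bdear\s+(?:sir|madam|customer|user|member)\b", re.I)
INFO_REQUEST = re.compile(
    r"\b(?:verify|update|confirm)\b.{0,60}\b(?:account|password|information|card)\b", re.I | re.S)
THREAT = re.compile(r"\b(?:will|may)\s+be\s+(?:disabled|suspended|closed)\b", re.I)
MANY_RECIPIENTS = 5

def phishing_cues(raw_message, my_address):
    """Return the cues from this page that a raw RFC 5322 message exhibits."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    visible = [addr.lower() for _, addr in getaddresses(headers)]
    body = "\n".join(
        part.get_payload(decode=True).decode(errors="replace")
        for part in msg.walk() if part.get_content_type() == "text/plain")
    cues = []
    if my_address.lower() not in visible:
        cues.append("recipient-not-in-to-line")  # delivered by BCC or bulk list
    if len(visible) >= MANY_RECIPIENTS:
        cues.append("many-recipients")
    if GENERIC_GREETING.search(body):
        cues.append("generic-greeting")
    if INFO_REQUEST.search(body):
        cues.append("requests-personal-information")
    if THREAT.search(body):
        cues.append("threatening-statement")
    return cues

# Constructed sample messages (not real mail).
SAMPLE_PHISH = """\
From: "Online Banking" <service@bank.example>
To: customers@bank.example
Subject: Account verification required

Dear Sir or Madam,
New federal rules require you to verify your account information
within 24 hours or your account will be disabled.
"""
SAMPLE_BENIGN = """\
From: Registrar <registrar@univ.example>
To: student@univ.example

Hi Alex, your spring class schedule is now posted.
"""
```

A message can show one cue and still be legitimate, so the returned list is best used to prompt a closer look rather than as a verdict.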
Protecting Yourself
How to protect yourself from a phishing scam:
- Do not click on any links in the email.
- If you have questions, contact the company by phone or other means but use trusted public directory services to locate contact
information – do not use contact information provided in the email.
What to do if You Responded to a Phishing Scheme
The following is recommended:
- Report the incident to the Internet Fraud Complaint Center – http://www.ic3.gov
- Report the incident to the security department of the company being spoofed in the e-mail (again, use public directory services
to locate company information)
More ...
Anti-Phishing Working Group
Bowling Green State University incorporates the ISO/IEC 17799:2005 Code of Practice for Information Security Management. References to ISO section numbers facilitate Plan organization and assessment.