Information Security Training

Bob, You've been Phished! By Kevin Atef, Johnson Chau, Michael Wong, Cal Poly Pomona

Phishing

The term phishing refers to the act of sending an email pretending to be someone from a known company or organization such as a college or university, eBay, Susquehanna Bank, Wells Fargo, or Internet Service Provider (ISP) with the intention of obtaining personal information or data from the recipient. The email usually asks you to clink on a link and asks you to provide personal information such account information. Hackers use this technique to obtain credit card, social security, and bank account numbers. Like traditional fishing, hackers play on the idea that people will take the bait and provide this information. It is surprising that most do.

Any reputable bank, financial institution or ISP will never send an email like this to update your personal information over the Web. If you do receive an email from a place you do business, Do Not Click on any links in the Email. Instead, stop and call that institution immediately! You need to make sure that the request is legitimate even if the email looks official. Be aware that there are several ways to “spoof” a Web address, some can even fool an experienced Web surfer.

Phishing Attempts Specific to Towson University

If you receive a message purporting to be from Towson University and suspect it may be a phishing attempt, please be aware of the following rules/guidelines:

• Do not respond to any emails requesting personal information under any circumstances. Responding to a phisher or spammer simply confirms that you have an actively used e-mail address, and potentially opens you up to receive more spam and phishing attempts.
• OTS will never request personal information over e-mail.
• Phishing attempts can be reported to the OTS Help Center (410-704-5151, helpcenter@towson.edu)
• Suspected phishing messages should be deleted ASAP.

Another term to be familiar with is called “Pharming”. Phishing is directed at one user while pharming redirects many users away from legal web sites to ones that look like legitimate ones. These web sites are designed to steal one’s personal information and possibly sell it to other thieves. The best preventive measure is to not click on web links in emails.

One way you can avoid phishing is to use security software such as anti-virus and anti-spyware software application. These provide the user some protection against hackers. Your email system from the ISP will provide some protection as well. Layering this security defense will enhance your protection.

For more information:

• Anti-Phishing Working Group
• Microsoft Phishing prevention tips
• Phishing
• Why Phishing Works
• Avoiding Social Engineering and Phishing Attacks
• Phishing Information
• Identity Thief goes Phishing for Consumers Credit Information

If you need further assistance, email infosec@towson.edu for help.
 

Information Security Office
Office of Technology Services
Cook Library, 4
Hours: Monday - Friday, 8:30 a.m. to 4:00 p.m.
E-mail: infosec@towson.edu