Technology Department News

Phishing

Eastern Michigan University has issued a nice reminder about Phishing scams and SPAM. I’ve received permission from them to repost that information here.

With the holiday season upon us, we are seeing an increase in the volume and the quality of email phishing scams.  Phishing is an attempt, usually made through fraudulent email, to steal your personal information.

Phishing emails usually appear to come from a well-known organization and ask for your personal information, such as, credit card number, social security number, EMU ID or password. Some recent phishing attempts have gone so far as to use the EMU logos to give them “authenticity.”  Other phishing attempts may appear to come from sites or companies with which you do not even have an account.

In order for Internet criminals to successfully “phish” your personal information, they must get you to go from an email to a website. Phishing emails will almost always tell you to click a link that takes you to a site where your personal information is requested. Legitimate organizations (including the EMU IT Help Desk) would never request this information of you via email.

Here are some things to look for in an email that may indicate a phish:

 

  • Generic greeting. Phishing emails are usually sent in large batches. To save time, Internet criminals use generic names like “First Generic Bank Customer” so they do not have to individually type all recipients’ names. If you do not see your name, be suspicious.

 

  • Forged link. Even if a link has a name you recognize somewhere in it, it doesn’t mean it links to the real organization. Roll your mouse over the link and see if it matches what appears in the email. If there is a discrepancy, do not click on the link. Also, websites where it is safe to enter personal information begin with “httpss” (the “s” stands for secure). If you do not see “httpss”, do not proceed.

 

  • Requests personal information. The point of sending a phishing email is to trick you into providing your personal information. If you receive an email requesting your personal information, it is probably a phishing attempt.

 

  • Sense of urgency. Internet criminals want you to provide your personal information now. They do this by making you think something has happened that requires you to act fast. The faster they get your information, the faster they can move on to another victim.

You should change your passwords often. A good time is when you reset clocks. At that time, change your important passwords. Also, don’t use the same password for multiple sites. The most popular passwords are:

  1. password
  2. 123456
  3. 12345678
  4. abc123
  5. qwerty
You get the idea. Don’t use those. Good passwords should not be based upon a word. They should also include alpha characters, numeric characters and punctuation.

Advanced Tip: If you hover your mouse over a link (without clicking on it), it should show you the real URL that you would go to. (See below). Notice that there is no real name. Also note that holding the mouse over the link www.att.com/managemyaccount really leads to a totally different site (which I won’t type out here, but starts with issueswith….

Screen shot of SPAM Email