Phishing Information and Awareness Training
Phishing is a criminal mechanism employing both social engineering and technical subterfuge to steal campus users' personal identity data and financial account credentials. Social-engineering schemes use spoofed e-mails masquerading as a legitimate businesses and agencies to lead campus users to counterfeit websites designed to trick recipients into divulging financial data such as usernames and passwords. Technical-subterfuge schemes plant crimeware onto computers to steal credentials directly, often using systems to intercept consumers online account user names and passwords - and to corrupt local navigational infrastructures to misdirect campus users to counterfeit websites (or authentic websites through phisher-controlled proxies used to monitor and intercept consumers’ keystrokes).
The number of unique phishing websites detected by Anti-Phishing Working Group (APWG) during the first quarter of 2008 saw a massive increase during the month of February, an increase of more than 77 percent from January 2008.
Phishers use a variety of techniques that prey upon human nature to lure victims into providing their personal and financial information.
“If you do not respond immediately, your account will be suspended”
“The offer is only good for the next 15 minutes”
“You have been chosen to receive…”
”Your account has been compromised and your data must be verified”
Ways to avoid getting hooked by Phishing attempts
Do not reply to email or pop-up messages that ask for personal or financial information.
Do not click on links provided in emails
If the email is sent by an institution that you are part of, open a web browser and manually enter the web address of the institution.
Do NOT cut-n-paste the address from the email.
Do not call any numbers provided in email. Use numbers provided by your affiliated institution in statements or on your membership card.
Use and regularly update anti-virus and anti-spyware software as well as firewalls.
Use security images to verify you are on the correct site, where supported - Coming Soon to SacLink.
Forward spam that is phishing for information to email@example.com. The Information Security Office will analyze the phishing attempt and take appropriate action. If you feel you have become a victim of a phishing attack, please contact the Information Security Office.
Information Security Office