- Author: Damon DiPietro
- Author: Jim Coats
One of the sad realities of email is that all of us will at some point be subject to "phishing" attempts. Wikipedia's definition of phishing is "the act of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication." Read on for important information you should know about the trusted institutions you work with online and about these phishing messages. These tips will help protect your personal information online and keep you from becoming the victim of a scam.
About your institutions... Banks, credit card companies, hospitals, universities, and other institutions have rigorous standards with regard to divulging personal information IN BOTH DIRECTIONS of the electronic communication—meaning that they won't send out your SSN, account password, etc. over email and they won't ask you to do so either. You will be directed to a secure website for any such request. So the first tip is this: Any electronic message that asks for personal information or account information over email is a phishing attempt! There were exceptions to this ten years ago, but I can't think of any today.
Sometimes the email is a little trickier and won't ask you to send the information over email but will direct you to a link contained in the email. Here are a few things to consider when judging the legitimacy of this kind of email:
1. How is the grammar, syntax, or vocabulary in the email? Many of these scams originate in other countries where English is not the first language or the particulars of American English aren't known. So look for misspelled words, incorrect or incoherent phrasing, or missing or bad punctuation.
2. Does the email come with an "urgent" warning or a threat about your account if you do not take some action? If so, it is most likely a phishing attempt. The only exception to this is when the email includes contact information for the department that sent the message (usually a phone number or email address). When in doubt, call the sender and find out if the email is legitimate.
3. If you hold (but DO NOT CLICK!) the mouse over the link that you're being told to use to "fix" your problem, you can see the actual address it will go to. Many times it will not be an address having to do with the institution that supposedly sent the message. For example, if you were to receive an email from UC Davis saying they're migrating servers and your account will be closed unless you click on the link, and then you moused over the link and it said something like "http://apohome.yuca.uk", that's obviously not a UC Davis website!!
I hope these tips are helpful. There are many more clues that can give away these phishing attempts, but these are the basic ones. Please send this information on to anyone who has questions about phishing attempts or has ever fallen for one.
As part of ongoing corporate security evaluation procedures we have identified an online intrusion in your UC Davis account and our automated system scan shows that your account has been effected by some DGTX virus that might be very harmful to all our subscribers.
We strongly recommend you to copy or click this url to scan your mailbox now. (Link removed)
Please do note that none of your files will be lost during this routine service.
Failure to upgrade your account will render your account from sending and receiving mails.
Thank you,
University of California, Davis
You really need to change your passphrase! Do this quickly in order to reduce the amount of damage that can be caused. There is a link to change your passphrase on this page: https://computingaccounts.ucdavis.edu/cgi-bin/services/index.cgi
Please contact Ryan Brown if you find that you are having problems updating your passphrase.