What are phishing scams & how can I avoid them?
- Phishing Explained
- Warning Signs
- How to Avoid Them
- Use the Microsoft Phishing Filter
- Links and References
- Report Phishing Attempts
Phishing Explained
Phishing scams are typically fraudulent e-mail messages appearing to come from legitimate sources like your bank, your Internet Service Provider, eBay, or PayPal, for example. These messages usually direct you to a fake web site and ask you for private information (e.g., password, credit card, or other account updates). The perpetrators then use this private information to commit identity theft.
Example of common AU-related Phishing Scam:

Warning Signs
There are often signs that can tip you off that a message may not be what it appears. The hints below can help you avoid "taking the bait."
- Urgent Language - Phishing attempts often use language meant to alarm. They contain threats, urging you to take immediate action. “You MUST click on the link below or your account will be canceled.”
- The Greeting - If the message doesn't specifically address you by name, be wary. Fake messages use general greetings like “Dear eBay Member” or “Attention Citibank Customer” or no greeting at all.
- URLs Don’t Match - Place your mouse over the link in the e-mail message. If the URL displayed in the window of your browser is not exactly the same as the text of the link provided in the message, run. It’s probably a fake. Sometimes the URLs do match and the URL is still a fake. Before you click, look for other clues in the message like the use of a secure connection (SSL – https://).
- Avoid the Obvious - “Official” messages that contain misspellings, poor grammar and/or punctuation errors are dead giveaways – assume those are fake. And, of course, if you don’t have a Wachovia credit card, for example, don’t respond to a request for information for card holders!
- Request for Personal Information - If an e-mail message asks you to provide your user name, password, or bank account information by completing a form or clicking on a link within an e-mail message, don’t do it. Legitimate companies will never ask you to provide that kind of information in an e-mail message. Most legitimate messages will offer you an alternate way to respond like a phone number.
Can you spot a phishing e-mail? Take this short quiz to find out.
How to Avoid Them
OIT and other legitimate agencies will never ask you to provide personal information like user name or password via an e-mail message. If you receive such a request, do not respond. Instead, report it! Forward that message as an attachment to abuse@auburn.edu. Reporting these messages will help OIT block its spread at the university firewall level. Once you've forwarded the message to OIT, you should delete it from your inbox. If you receive an e-mail message that appears to be suspicious, trust your instincts and do not respond.
While some legitimate messages may contain a link, it is best to err on the side of caution. Instead, go directly to the company's website or contact them by phone to see if you really do need to take any action. Most legitimate messages will offer you an alternate way to respond like a phone number. You can always request confirmation of any message appearing to be from OIT by contacting the OIT HelpDesk at (334) 844-4944 or helpdesk@auburn.edu.
In general, you can protect yourself by following these simple guidelines:
- Use antivirus software on your computer. AU students and employees can download it free at http://www.auburn.edu/download.
- Keep your computer's antivirus, spyware, browser, and Windows security patches up to date.
- Use a browser that has a phishing filter.
- Monitor your credit card, banking and personal accounts regularly and investigate unauthorized activity.
Use the Microsoft Phishing Filter
If you use Internet Explorer as an internet browser you should enable the Phishing Filter. This feature enables a portion of the web browser to change colors to signify that the page you're on is a known phishing site. Read more about it here: http://www.microsoft.com/protect/products/yourself/phishingfilter.mspx
If you do fall victim, tips for damage control are available on the OIT Security Center.
Links and References
For avoidance tips, more info and examples try these sites:
Report Phishing Attempts
You can report these phishing scam attempts to the company that's being spoofed.
- Help AU's e-mail phishing filter work better by forwarding fraudulent e-mails to: phishing@ciphertrust.com.
- Send reports to the Federal Trade Commission (FTC) at: https://rn.ftc.gov/pls/dod/wsolcq$.startup?Z_ORG_CODE=PU01
- Send details to the Anti-Phishing Working Group, which is building a database of common scams to which you can refer: http://www.antiphishing.org/report_phishing.htm

