What are phishing scams & how can I avoid them?

 

Phishing Explained

 

Phishing scams are typically fraudulent e-mail messages appearing to come from legitimate enterprises (e.g., your bank, your Internet Service Provider, E-bay, PayPal). These messages usually direct you to a spoofed web site and ask you for private information (e.g., password, credit card, or other account updates). The perpetrators then use this private information to commit identity theft.

 

An example of a phishing attempt is an e-mail message stating that you are receiving it due to fraudulent activity on your account, and asking you to "click here" to verify your information. For more examples, see: http://www.antiphishing.org/phishing_archive.html

 

How to avoid them

 

To avoid phishing scams, never click the links provided within these types of e-mail messages. If you feel the message may be legitimate, go directly to the company's web site by typing it in your browser or contact the company to see if you really do need to take the action described in the e-mail message. Delete the e-mail message from your Inbox, and then empty it from the deleted items folder to avoid accidentally accessing the web sites it points to.

 

Can you spot a phishing e-mail? Take this short quiz to find out.

 

What to do if you fall victim?

1. Change your passwords - to do that at AU, visit www.auburn.edu/password.
   Help changing your password?
   
   
2. Take steps to protect yourself - visit this site for damage-control suggestions on what to do if you’ve given out your credit card, bank information, eBay account, or personal information like your SSN: http://www.antiphishing.org/consumer_recs2.html.
   
   
3. Report the phishing attempt - contact the OIT HelpDesk at helpdesk@auburn.edu and the Anti-Phishing Working Group to report it.
   
   
4. Monitor regularly. Use technology tools to protect yourself - update your antivirus software, use phishing filters, and scan and clean your computer against Spyware. Regularly monitor your credit card, banking, and consumer credit information as well.
   

Links and References

 

For avoidance tips, more info and examples try these sites:

• http://www.antiphishing.org/
• http://www.scambusters.org/
• How Not to Get Hooked by a ‘Phishing’ Scam
• EBay information about "spoofed" e-mails
• How to spot a fake e-mail

Reporting phishing attempts

 

You can report these phishing scam attempts to the company that's being spoofed.

• Help AU's e-mail phishing filter work better by forwarding fraudulent e-mails to: phishing@securecomputing.com.
  
  
• Send reports to the Federal Trade Commission (FTC) at: https://rn.ftc.gov/pls/dod/wsolcq$.startup?Z_ORG_CODE=PU01
  
  
• Send details to the Anti-Phishing Working Group, which is building a database of common scams to which you can refer: http://www.antiphishing.org/report_phishing.html