Phishing is an Internet scam where scam artists send official-looking emails to people, attempting to fool them into disclosing their personal information. They can pretend to be from a legitimate bank, organization, government agency or store, or claim to be the host of a lottery or contest. Some even imitate the University Helpdesk. They try to get victims to reveal personal information such as user names and passwords, banking records or account numbers, or social security numbers by replying to the email or entering it on a phony web site. Phishing is dangerous because it can easily result in credit card fraud or identity theft.
Phishers are tricky. They use upsetting or exciting (but false) statements in order to elicit an immediate response from users. This is how they reel people in. Phishing occurs more often than you might think. According to Dr. Dobb's, 500 million phishing emails are sent delivered every day!
Now that you know phishers' motives and methods, follow these basic security precautions in order to avoid becoming a victim.
Example #1: The email advertises exciting new features for University of Rochester users and tries to get you to visit a link to login. It includes the main UR mailing address in an attempt to appear more authentic.
Example #2: The email appears to be a receipt from the popular e-tailer Amazon.com. It looks official and tries to get you to click to review a purchase that you certainly didn't make. If you mouse over any of the links though, you will see that none of them point to the official amazon.com web site. If you are concerned, find Amazon's phone number and call them or inquire with an official Amazon email address as found on their Help web site - do not click the link.
Example #3: The email impersonates the University of Rochester Helpdesk. It includes a UR image and mailing address and appears to be sent from an email address similar to the official Helpdesk email in an attempt to appear more authentic. The link is clearly not to a University of Rochester server, however. When in doubt, call the real University IT Helpdesk at 585-275-2000 to inquire if the message was real.
View our Phishing Awareness Video to gain some helpful information about phishing.