Information Security Office

Office of Information Technology

Protecting Yourself from Phishing and Other Scams

Protecting Yourself from Phishing and Other Scams...

Phishing

Phishing is one of the most pervasive of Internet problems. A phisher typically sends a spam e-mail message to thousands of mailboxes.

The message often will appear to be sent from a legitimate company, such as PayPal, eBay or a financial institution. Pretending to be another entity or individual is known as "spoofing."

The body of the e-mail message usually contains a warning that your online account has been compromised, and urges you to re-enter your personal information (User ID, password, credit card or account number) by clicking on a link to a Web page.

A phishing e-mail message may contain a clickable Web link:

http://www.paypal.com

Unfortunately, it is very easy for an individual to write computer code that displays a legitimate-looking Web link that will take you to a completely different (fake) Web site. Place your cursor over the "PayPal" link above to see where you would be sent if you clicked on the link.

If you do click on a forged Web link, you would probably be taken to a Web site that may look like an official company page - complete with logos and features of the official site. This is actually a page that is designed to collect your personal information.

Providing passwords, Social Security numbers or other personal information may make you a victim of identity theft.

Other Scams

In addition to e-mail messages that "phish" for financial information, messages can also have attachments that contain viruses. Clicking (opening) an infected attachment can launch a virus onto your PC that can also be sent to all of the e-mail contacts found on your machine.

Some viruses can take over your PC, forcing it to become a "bot" that is used to send spam and/or infected e-mail messages. To avoid infection by viruses, delete suspicious e-mail messages immediately.

Protect Yourself

Don't open suspicious e-mail messages - Legitimate companies will NEVER ask you to provide personal information - like passwords or financial account information - via e-mail.

Don't click on links to financial companies from within e-mail messages - If you feel that you must check out your personal information on a Web site, go to your browser's Address window and type in the Web address there. For example, type in http://www.ebay.com.

Keep yourself up to date on the latest scams - You can do a simple Google or Yahoo! search on phishing / online scams. Or, you can check out sites such as:

• The Anti-Phishing Working Group: http://www.antiphishing.org/
• Information on Phishing from the Federal Trade Commission:    http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm
• Search for nformation on "fake" viruses and chain letters at the Snopes Urban Legends Page: http://www.snopes.com/
• Information on Spam, Phishing and Online Scams from the Spamhaus Project: http://www.spamhaus.org
• Information on Personal Computer Vulnerabilities and Computer Viruses from CERT: http://www.cert.org

©The University of Texas at San Antonio One UTSA Circle San Antonio TX 78249
Revised: 06/12/2008
Refer Comments to: oit@utsa.edu
Identity Guidelines | Policies | Emergency Preparedness | Required Links