Watch out for new kind of e-mail fraud: Phishing

(Aug. 20, 2004)--Phishing (pronounced "fishing") is a new kind of fraud in which phony e-mails are sent to you for the purpose of luring you into disclosing personal information, such as account numbers, person identification numbers (PINs) or Social Security numbers.

Some phony e-mails recently circulated appear to come from Citibank or eBay. Since Citibank has no banks in the San Antonio area, it makes an inquiry about your account information particularly suspicious.

How does it work?

The criminal (called a '"phisher") creates phony e-mails disguised as legitimate e-mail from sources you trust in order to deceive you into disclosing your financial account information or other personal data such as passwords or PINs to use for identity theft and fraud.

How do you recognize it?

Identifying phony e-mail messages is not always easy. These e-mails may ask you to reply to them directly or they may ask you to click on a link, which takes you to a bogus Web site that appears legitimate. However, these are the things you can look for:

  • Urgent appeals – frequently these e-mails make some form of urgent appeal, for example, stating your account may be closed if you fail to confirm, verify or authenticate your personal information immediately.
  • General greetings – bogus e-mails often provide a general greeting and don't identify you by name, e.g. "Dear Prospective Customer."
  • Typos and other errors – bogus e-mails and Web sites may contain typographical or grammatical errors. The writing also may be awkward, stilted or inappropriate, and the visual or design quality may be poor.

How can you protect yourself?

  • Do not reply or click on a link in an e-mail that warns you (with little notice or prior legitimate expectation) an account will be shut down. Contact your bank or financial institution directly and ask questions.
  • Do not click on links you receive in an e-mail asking for personal information.
  • Look for the locked padlock on your Web browser's status bar or look for "https://" at the beginning of the Web address. While the presence of these two items does not guarantee the Web site is legitimate, the absence of them does indicate the Web site is not secure.

Use your best judgment. Be cautious of e-mails from companies that you did not contact or recognize. For those e-mails, your delete button is your best option!

University Communications
Contact Us

text size | + | R |