|
What is it?
Phishing is a social engineering technique used to collect personal information such as bank account or credit card numbers, account names and passwords, or social security numbers. The primary method involves posing as a legitimate source requesting this information such as a bank or credit union, Internet financial service providers such as Ebay and PayPal, and even government agencies like the IRS.
Phishing is typically carried out by email or instant messaging where recipients are instructed to click on a link that takes them to a counterfeit web site that requests their personal information.
Some variations include "Spear Phishing" which targets members or employees of specific organizations. "Whaling" describes phishing attempts directed at high level, executive employees. "Vishing" combines email messages with instructions to call a toll-free number rather than click on a web link.
What to do?
In all cases, the best course of action is to ignore and delete the fraudulent message. If there's any doubt about its legitimacy, please contact the University's Help Desk at 442-3700. You can also send samples to the Information Security Officer to be included on this page.
Click on any of the following links to view samples of different phishing techniques. In each sample you will see notes in blue type, commenting on or pointing out the fraudulent elements in the message:
|
