Don't get hooked by 'phishing'

From Information Resources and Technologies

In the past several months, we have seen an increase in the number of "phishing" e-mails sent to UST accounts. If there is one thing to take away from this article, it is this: never provide anyone with your password, Social Security number, credit card number, or any other information via e-mail. IRT will never request your username or password from you via e-mail.

What is phishing?

Phishing e-mails attempt to deceive the recipient into giving up private information in a response to a message or by leading the recipient to a fraudulent Web site. Individuals who send these messages will then use the returned username and password to send further spam through the victim’s account, or attempt to gain access to sensitive information for illegal purposes. It is called phishing because it “baits” the recipient into providing personal information.

How can I avoid becoming a victim of phishing?

The simplest way to avoid becoming the victim of a phishing attack is to never click on a link from an unsolicited e-mail or reply to an e-mail with personal information. Shown below is a recent example of a phishing e-mail sent to members of the UST community.

Some other ways to avoid becoming a victim:

  • Hold your cursor over the link. A small text label will show the URL of the Web site you will be directed to. If it is not the Web site of the company sending the e-mail, or it doesn’t start with "https", you can be pretty sure you've been phished.
  • Never reply to a phishing e-mail; this can give the potential thieves information about you.
  • Keep your virus and firewall software up-to-date; some phishing attacks carry harmful viruses or trojans (malicious software) that can collect personal information from your computer.
  • Never open attachments that end in .exe or aren’t from a trusted source.

A good resource for more information on Phishing Scams is available here.

What are we doing to prevent phishing at St. Thomas?

MailMarshal is a UST-provided tool that utilizes a number of anti-spam and anti-phishing filters to trap unwanted messages; however, the reality is that as we advance in our understanding of how spammers and phishers work, they too advance in their methods of circumventing our security measures. As seen in the example above, some of them have carefully crafted their letters to actually appear to come from a legitimate branch of IRT and often are crafted in a way that our spam filter updates cannot differentiate between phishing e-mail and legitimate e-mail.

How can I help?

As mentioned, never reply to a phishing message. We rely heavily on the user community to inform IRT as quickly as possible when a message gets by MailMarshal filters so that we can minimize negative impact to the e-mail environment.

If you receive a message that you believe may be a phishing attempt, please notify IRT via and delete the message.