Phishing is an illegal Internet activity that often ends up in identity theft for its victims. Phishing scams try to steal confidential information by trolling for unsuspecting victims through e-mails and sending them to fake web sites where they are tricked into providing personal information. The phishing problem is so widespread that the Federal Trade Commission and a global anti-phishing group are actively fighting it.
Phishing e-mails appear to come from banks and many other businesses such as eBay and Paypal. Their messages urge you to go to their counterfeit web sites that appear identical to the authentic ones, with warnings of dire consequences if you do not comply. The fake web sites request that you “validate” personal or financial information or otherwise try to trick you into providing credit card, bank account, and/or Social Security numbers. No matter how compelling or urgent these requests seem, you can be sure that they are phishing if you did not initiate the contact. Legitimate businesses would never seek personal information in this manner.
Recognizing a Phishing Attempt
Phishing attempts often come from seemingly legitimate sources but usually contain clues that they are not valid like:
- Odd English sentence structure or misspellings.
- A return email address/web link that is not from or to the institution.
- Questions about you that the organization already knows about you like your account name, password, location, etc.
The precautions are simple
- If you get an email or pop-up message that asks for personal or financial information, do not reply. And don’t click on the link in the message, either.
- Never reveal personal and confidential information such as credit card numbers, passwords, demographic or geographic information, account information or social security numbers via email.
- Review credit card and bank account statements as soon as you receive them to check for unauthorized charges.
- Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.
- Never respond to suspected phishing e-mails under any circumstances.
Thousands of such fraudulent messages flood the university's e-mail system every day, but fortunately, Jefferson's anti-spam defense is at work to reduce the number that arrive in your mailbox.
What can I do if I suspect a phishing attempt?
There are some simple steps you can take to report phishing attempts:
- Forward spam that is phishing for information to firstname.lastname@example.org and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems.
- Verify the request. Call the institution or organization and confirm they need your information If you ever have a question about the legitimacy of an e-mail, please call 3-7600 for verification and advice.
For more information on phishing scams, refer to:
If you feel you have been victimized by identity theft, check this Federal Trade Commission web site for advice about the next steps to take.
Take the OnGuard Online Phishing Quiz
Think you know how to avoid phishing? Try the OnGuard Online "Phishing Scams: Avoid the Bait" online quiz.