More Information about Phishing
What is phishing?
Phishing is an attempt to fraudulently acquire sensitive information by masquerading as a legitimate or trustworthy entity in an electronic communication. Phishing has typically been carried out by email (and is therefore a variant of spam) or instant messaging, and may also direct users to fraudulent websites to gather additional information. Spear phishing is usually highly targeted at individual communities of users.
An excellent background on phishing, including its history and its ongoing evolution, is available on Wikipedia.
Some strategies for recognizing and limiting the success of a phishing attempt
Recognize that Caller Id, Text Messaging Id, and Email “From/Reply To” Addresses Can All Be Forged
Caller id, text messages and email “From” addresses can all be forged. Unfortunately, this means you cannot trust them alone as a source of verification, or as a valid “reply to” address within an email message. The SFSU HelpDesk will not contact you first this way unless you have already contacted them, and will never ask you for sensitive data via email.
Don’t Respond to Mail You Suspect As Spam or Phishing Attempts
As is indicated above, the reply address is often forged, stolen or created for the purposes of sending spam. Replying only indicates your email address is valid.
Use Browsers That Are "Phisher" Aware
As a result of the large volume of attacks against PayPal, eBay and online banking users over the past 3 years, security enhancements have been added to many of the popular web browsers. Internet Explorer 7, Firefox 2.0 and Opera 9.x have all implemented various anti-phishing measures. Turn these features on; this will significantly limit the probability that you are redirected to a fraudulent URL within an email message.
Look At How You Manage Ids & Passwords Across Web Sites Internal & External to SFSU
If you keep your id and password the same on several systems, and you revealed your id and password in this last phishing attempt, consider changing at least your password across all the sites you visit. Phishers are reportedly now exploiting the fact that many people use the same id and password across many of the web interfaces they access (campus, bank, social networking site, etc.). They target you at a location where you may be more casual about sharing information (such as the campus environment), rather than via a bank communication, where your guard may be higher.
Put time on your side.
Malicious messages commonly use threats (such as your email being turned off, etc.) to force you to act quickly without thinking. Instead, use your time to verify the source of the message if it asks for personal information about you.
Think About Information You Have Posted On Other Websites
The industry is seeing a large volume of “blended” and multi-vector attacks, meaning that scammers are attempting to extract sensitive information from multiple sources. If posting your email address on another site brings you no real benefit, consider whether it really needs to be public, and activate any private sharing features the sites provide.
Last Modified: 1 Mar 2008
doit@sfsu.edu