Phishing

Phishing is an online fraud technique for convincing a user to provide confidential information through a website or email. The information may be used for fraud, identity theft, or other compromise. The university community has recently seen emails falsely labeled as coming from Citibank, PayPal, and others attempting to convince the user to surrender private information.

 

Phishing is a form of social engineering in which the attacker attempts to trick people into revealing private information by sending spoofed email that appears to be from reputable institutions. Phishing emails can provide a link to a seemingly authentic page where you are asked to log in and reveal your username, password, and other personal or confidential information. These emails may also threaten to close your account (bank, email, etc.), demand money that they say you owe, or use other warnings and intimidation. The information you provide can be used to steal your identity, which could enable the perpetrator to drain bank accounts, open charge accounts in your name, and carry out other damaging criminal activities. DELETE any phishing email.

 

NOTE: Stevens will NEVER request passwords or other personal information via email. Messages requesting such information are fraudulent and should be deleted.

 

Any email thought to have been sent by Stevens requesting personal or confidential information should be deleted. If you have any question about the validity of an email, call the sending institution or department directly (using their main information number), or contact the Information Technology Help Desk at www.stevens.edu/helpdesk or 201-216-5500.

 

Quick hints about phishing:

  1. Know the online institutions and businesses you deal with. When an email arrives from an unknown sender, remember: it could be fraud, it's definitely spam, and it is definitely not for you. Delete it.
  2. Consider the subject line of an email carefully. Citibank will never send you an email headed "Citibank Account Update ACT-N0W". These messages may get through spam filters because they appear to come from a reputable source, but that doesn't mean they're really from Citibank.
  3. Understand how the institutions and businesses you deal with want to interact with you. For example, banks usually want you to access your account through a secure website, not an email link. "Phishing" mails should stand out because they don't follow the usual rules.
  4. Practice safe browsing. Open a new browser window each time you log on to a web site that displays personal information. When you are done at that site, log out and close that browser window.
  5. Look for spelling and grammatical errors, especially in messages from companies you know. Phishing emails from foreign countries can be grammatically incorrect or contain misspellings, which gives them away as phishing attempts.
  6. Don't click on a link in an email; instead, launch your browser and type the address you know for that organization (e.g. www.stevens.edu) into the address box. URLs can be disguised, so don't take a suspect link at face value.
  7. Never enter your personal or credit information into a form in an email. If you feel the email is legitimate, call the company or visit their web site and log in to provide the requested information.
  8. Expect good customer service. Emails from phishers are not usually personalized. If you receive a "Dear Customer" email, it may be time to move on.
  9. Read all of your financial statements, credit card statements, etc. every month to ensure your charges and debits are correct. Often information obtained through phishing is not used right away. Stay vigilant and report any suspicious activity immediately.
  10. Use and maintain your email protection software for spam blocking, fraud blocking, and anti-virus. If you have any questions, contact the Stevens Information Technology Help Desk at www.stevens.edu/helpdesk or 201-216-5500.

 

"Phishing" schemes will continue to get more sophisticated and harder to detect. A combination of technology and awareness is the key to keeping the phishers at bay and your identity private.

 

The following links will aid in recognizing potential phishing attempts and avoiding the common errors associated with phishing recognition: