Indiana University
University Information Technology Services

What are phishing scams and how can I avoid them?

Phishing explained

Phishing scams are typically fraudulent email messages appearing to come from legitimate enterprises (e.g., your university, your Internet service provider, your bank). These messages usually direct you to a spoofed web site or otherwise get you to divulge private information (e.g., password, credit card, or other account updates). The perpetrators then use this private information to commit identity theft.

An example of a phishing attempt is an email message stating that you are receiving it due to fraudulent activity on your account, and asking you to "click here" to verify your information. For an example of a phishing scam targeted at Indiana University, see below.

Phishing scams are crude social engineering tools designed to induce panic in the reader. These scams attempt to trick recipients into responding or clicking immediately, by claiming they will lose something (e.g., email, bank account). Such a claim is always indicative of a phishing scam, as responsible companies and organizations will never take these types of actions via email.

Avoiding phishing scams

Be suspicious of any email message that asks you to enter or verify personal information, whether through a web site or by replying to the message itself. Never reply to such a message or click the links it contains. If you feel the message may be legitimate, go directly to the company's web site (i.e., type the real URL into your browser yourself) or contact the company to see if you really do need to take the action described in the email message.

When you recognize a phishing message, delete the email message from your Inbox, and then empty it from the deleted items folder to avoid accidentally accessing the web sites it points to.

Always read your email as plain text. Phishing messages often contain clickable images that look legitimate; by reading messages in plain text, you can see the URLs that any images point to. Additionally, when you allow your mail client to read HTML or other non-text-only formatting, attackers can take advantage of your mail client's ability to execute code, which leaves your computer vulnerable to viruses, worms, and Trojans. For more, see In Windows, how do I force my email client to display mail as text only?

Warnings

Reading email as plain text is a general best practice that avoids some phishing attempts but not all of them. Some legitimate sites use redirect scripts that don't check where the redirect is going. Consequently, phishing perpetrators can use these scripts to build links that start at a legitimate site's real address and then redirect to their fake sites.

Another tactic is to use a homograph attack, which, due to International Domain Name (IDN) support in modern browsers, allows attackers to use different language character sets to produce URLs that look remarkably like the authentic ones. For more, see Don't Trust Your Eyes or URLs on the TidBITS site.
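The two tricks described above, a link or clickable image that points somewhere other than it appears to and an IDN homograph hostname, can be checked mechanically once the HTML is exposed. This Python example is added here and is not from the Knowledge Base article; the sample message body, the hostnames and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body (not a real message): link text naming indiana.edu that
# points elsewhere, a logo image linked to a host with a Cyrillic "a" (U+0430), and one honest link.
SAMPLE_HTML = """<p>Verify at <a href="http://account-verify.example.net/login">https://www.indiana.edu/</a></p>
<p><a href="http://indi\u0430na.edu.example.org/"><img src="cid:logo"></a></p>
<p>Help: <a href="https://kb.iu.edu/">kb.iu.edu</a></p>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text, wraps_image) for every <a href> element."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None  # [href, text parts, wraps_image] while inside <a>

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._current = [attrs["href"], [], False]
        elif tag == "img" and self._current is not None:
            self._current[2] = True

    def handle_data(self, data):
        if self._current is not None:
            self._current[1].append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            href, parts, wraps_image = self._current
            self.links.append((href, "".join(parts).strip(), wraps_image))
            self._current = None

def inspect_links(html):
    """Return (href, reason) pairs for links that deserve a second look."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text, wraps_image in parser.links:
        host = (urlparse(href).hostname or "").lower()
        # Punycode labels (xn--) or raw non-ASCII characters mean an IDN hostname: the homograph warning sign.
        if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
            findings.append((href, "IDN hostname (possible homograph)"))
        # Visible text that looks like a domain but differs from the real target host.
        shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
        if shown and shown.group(1) != host and not host.endswith("." + shown.group(1)):
            findings.append((href, f"text shows {shown.group(1)}, link goes to {host}"))
        if wraps_image and not text:
            findings.append((href, "clickable image hides the target URL"))
    return findings
```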

Reporting phishing attempts

You can report these phishing scam attempts to the company that's being spoofed. You can also send reports to the Federal Trade Commission (FTC).

Depending on where you live, some local authorities also accept phishing scam reports. And finally, you can send details to the Anti-Phishing Working Group, which is building a database of common scams to which people can refer.

For more information about phishing scams, see OnGuard Online's phishing information page.

Example of a phishing scam

The following phishing scam was targeted at IU Webmail users:

-----------------------------------------------------------------
From: "INDIANA.EDU SUPPORT TEAM" <supportteam01@indiana.edu>
Reply-To: "INDIANA.EDU SUPPORT TEAM" <spupportteam@info.lt>
Date: Sat, 12 Jul 2008 17:42:05 -0400
To: <"Undisclosed-Recipient:;"@iocaine.uits.indiana.edu>
Subject: CONFIRM YOUR ACCOUNT

Dear INDIANA.EDU Webmail Subscriber

This mail is to inform all our {INDIANA.EDU} webmail users that we will be maintaining and upgrading our website in a couple of days from now.As a Subscriber you are required to send us your Email account details to enable us know if you are still making use of your mailbox. Be informed that we will be deleting all mail account that is not functioning to enable us create more space for new students and staffs of the school, You are to send your mail account details which are as follows:

*User Name:
*Password:
*Date of birth:

Failure to do this will immediately render your email address deactivated from our database.

Thank you for using INDIANA.EDU

FROM THE INDIANA.EDU SUPPORT TEAM
------------------------------------------------------------------
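As an added example (not part of the Knowledge Base article), this Python code applies to the sample message above the checks the article describes: a Reply-To domain that differs from the From domain, a request for account credentials, and a threat of deactivation. The message text is transcribed from the article; the term lists and function names are this example's own.

```python
import email
from email.utils import parseaddr

# Transcription of the article's sample message (same header values); the checks below are this example's own.
SAMPLE_MESSAGE = """From: "INDIANA.EDU SUPPORT TEAM" <supportteam01@indiana.edu>
Reply-To: "INDIANA.EDU SUPPORT TEAM" <spupportteam@info.lt>
Date: Sat, 12 Jul 2008 17:42:05 -0400
To: <"Undisclosed-Recipient:;"@iocaine.uits.indiana.edu>
Subject: CONFIRM YOUR ACCOUNT

Dear INDIANA.EDU Webmail Subscriber
This mail is to inform all our {INDIANA.EDU} webmail users that we will be maintaining and upgrading our website in a couple of days from now.As a Subscriber you are required to send us your Email account details to enable us know if you are still making use of your mailbox. Be informed that we will be deleting all mail account that is not functioning to enable us create more space for new students and staffs of the school, You are to send your mail account details which are as follows:
*User Name:
*Password:
*Date of birth:
Failure to do this will immediately render your email address deactivated from our database.
"""

# Heuristic term lists chosen for this example; a production filter would use a richer set.
CREDENTIAL_TERMS = ("password", "user name", "username", "date of birth")
THREAT_TERMS = ("deactivated", "deleting", "suspended", "lose access")

def domain_of(header_value):
    """Return the lowercase domain of the first address in a header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def analyze(raw):
    """Return a list of human-readable findings for one RFC 822 message."""
    msg = email.message_from_string(raw)
    body = msg.get_payload().lower()
    findings = []
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    # Replies to a "support team" that leave the organization are the classic giveaway.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    asked = [t for t in CREDENTIAL_TERMS if t in body]
    if asked:
        findings.append("asks for credentials: " + ", ".join(asked))
    if any(t in body for t in THREAT_TERMS):
        findings.append("threatens loss of the account to force an immediate reply")
    return findings
```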
This is document arsf in domain all.
Last modified on August 05, 2009.
