Phishing & Identity Theft
Phishing is a deceptive practice that is used to steal personal data such as credit card information, passwords, or other sensitive data. How can you recognize it? Sometimes it's hard. You'll get an email that claims to be from a trusted source, like Lehigh, your bank, eBay, PayPal, etc. The message will claim that your account is in jeopardy somehow unless you...
- Email your password in a reply to the source.
- Click on a link to go to a Web page that is supposedly the Web site of the trusted company or university.
Spear phishing is a highly targeted type of phishing that may be aimed at a given organization, such as Lehigh. The text of the message may be tailored to Lehigh recipients even though the sender is not legitimate. Lehigh will NEVER ask you to provide a password via email. You should also be very wary of clicking on links within email messages asking for sensitive information. They may be "spoof" web pages that merely collect and use your information. If in doubt, contact the company/university directly or open a new Web page and log in to their account page.
How can I protect myself against phishing scams?
- Make sure your computer has up-to-date virus protection software and a personal firewall.
- Don't click on links in email messages, especially if they ask for personal information.
- Look for signs of security. Legitimate companies will use secure, encrypted Web pages. Look for "https://" in the web address; the "s" stands for "secure". Look for a locked padlock icon in the lower part of your browser window. This indicates that the connection to the site is encrypted, which means your data is protected when you send it over the Internet.
- Verify the Web site address. Go directly to Web sites rather than clicking links within email messages.
- Create hard to guess passwords.
- Change your passwords and PINs frequently.
Where does the term phishing come from?
The word "phishing" comes in part from the idea that scammers are "fishing" for personal data from the sea of email/Web users. "Ph" is a common hacker replacement for "f." The term was first coined in 1996.
- SonicWall Phishing and spam IQ quiz
- Washington Post Phishing quiz
- Microsoft's How to recognize phishing scams and fraudulent email
- eBay's Recognizing spoof web sites
- Mailfrontier's Guide to Phishing (has very clear visual examples of phishing)