 |
|
Phishing
What is "phishing?"
Phishing
occurs when a person is tricked into divulging private information
through what is perceived to be a legitimate website or email request.
The email request appears to come from legitimate institutions such as
Citibank, EBay, PayPal, and Bank of America.
Watch a quick video about phishing! This video was a winning entry in last year's Security Awareness Video Contest sponsored by the EDUCAUSE/Internet2 Computer and Network Security Task Force and the National Cyber Security Alliance.
|
Bob, You've Been Phished By Kevin Atef, Johnson Chau, & Michael Wong, Cal Poly Pomona if video fails to open, please right click on link and choose "save link as" to download the file
|
How Does Phishing Work?
Phishing occurs when a con artist sends an unsuspecting customer an email indicating that there is a problem with their account. The phisher often provides a link within the body of the email that the customer can click on to “resolve” the fake problem. Once
the user clicks on the link in the email, they are often re-directed to
a website that is used to capture personal identifiable information
such as credit card numbers, bank account numbers, and social security
numbers. In addition, after the unsuspecting customer has
clicked on the link, the con artist may install key logging software on
a customer’s system to capture sensitive information. The intent is
often to steal the person’s identity and/or steal money out of the
account given.
Dangers of phishing
- Exposure to identity theft
- Money removed from bank accounts
- Online accounts used for illegal purchases
How to spot a phishing scheme
- Banks, PayPal, eBay, etc. will never ask you for your password, or for personal information such as social security numbers
-
Never click a link from an e-mail to confirm information or log into an account. If you think the message may be legitimate, go directly to the website by typing the URL (universal resource locator) into your web browser's address bar and log in.
- Immediately delete e-mails that seem suspicious, especially if they are from a company that you don't normally do business with.
- Use the mouse-hover feature built into your web browser or email client to spot invalid links. If a link location points to a different place, do not click the link.
The
following is a phishing email. Note the use of PayPal's logo and color
scheme in an effort to confuse recipients. Also note the bottom left
corner of the image- although the target website for the link is
similar to the PayPal site, it actually points to an entirely different
page.
If you think you may have already fallen victim to a phishing scheme
If you have been the victim of Identity Theft:
Contact the University Police Department and file a police report. You can reach UPD at 202-994-6111, or visit the following website: http://gwired.gwu.edu/upd/Education/IdentityTheft/
Security Tips To minimize the risk of unauthorized access
- Contact the legitimate institution to report the problem and close the account.
- Monitor your accounts for unusual activity, and contact your banking institution immediately if you notice anything suspicious
- Change all online passwords, using a different strong password for each account
- Contact the University Police Department and file a police report. You can reach UPD at 202-994-6111, or visit the following website: http://gwired.gwu.edu/upd/Education/IdentityTheft/
- Have a credit check done. Identity theft can ruin your credit history, making it difficult to qualify for credit cards, car loans and mortgages in the future. By monitoring your credit, you can ensure that your credit has not been damaged by a scam artist. You can get a credit check from several websites, and you are entitled to one free credit report per year under the Fair Credit Reporting Act. Make sure that any credit check you get contains data from all three major U.S. credit bureaus.
|
Credit Bureau |
Contact Information |
|
Equifax |
1-800-525-6285 |
|
Experian |
1-888-EXPERIAN (397-3742) |
|
Transunion |
1-800-680-7289
|
If you have been the victim of Identity Theft:
Contact the University Police Department and file a police report. You can reach UPD at 202-994-6111, or visit the following website: http://gwired.gwu.edu/upd/Education/IdentityTheft/
OR
Contact The Federal Trade Commission at
1-877-IDTHEFT (877-438-4338) where consumers who have been victims of
identity theft can report the crime and get advice from telephone
counselors trained to provide assistance to ID theft victims.
Security Tips To minimize the risk of unauthorized access
- Install and keep anti-virus software up to date. A free copy of Symantec Anti-Virus can be obtained from http://helpdesk.gwu.edu/helpdesk/nav/
- Keep your operating system patched. Information on patching can be found at http://iss.gwu.edu/sts/security/windowsupdate/
- Use a personal firewall. Information can be found at http://helpdesk.gwu.edu/helpdesk/security/firewall.html
- If you use on-line services, such as on-line banking, type in the universal resource locater (URL) to the legitimate website yourself. Do not click on or follow the links in emails you receive.
| City Hall 114, 950 24th Street NW, Washington, DC 20052 |  |
Hotline: 202-994-7041 |  |
sts@gwu.edu |
