Phishing Awareness at UGA
Don't be fooled by e-mail scams asking for passwords or bank info.
What is Phishing?
Phishing is typically an e-mail scam which tries to deceive people into thinking a legitimate organization is requesting private information. These scams request you to either reply, or follow a link to a site that often looks identical to the service the e-mail is mimicking. Banks, E-bay, and Paypal are traditional targets; however, in recent months UGA and many other Universities have been relentlessly targeted by these "spear phishing"Spear Phishing - These are e-mail scams which target a specific organization, such as UGA, in an attempt to trick people into revealing private information. Often, those sending out the scams have researched the targeted organization for names the organization uses, practices, and other details to lend their scams an air of authenticity. Some spear phishing e-mails may look identical to an announcment you may expect from that organization. The best way to combat these is to always be skeptical when someone is requesting information, and to never, ever, e-mail your password, bank account numbers, social security, or credit card numbers. scams.
What does a Phishing e-mail look like?
Phishing e-mails typically have a generic greeting and warn of some sudden change in an account which requires you to verify that you still use the service. These e-mails either include directions to reply with private information, or provide a link to a web site to verify your account. E-mails claiming very sudden changes (within a week) or those that use poor spelling and grammar are clear warning signs of a fraudulent phishing e-mail. Here is a specific example affecting UGA:
Will UGA send legitimate e-mails that look like phishing scams?
There will be times when legitimate messages must be sent to inform our e-mail users. Reasons may include password expiration notices, inactive account removal, or in cases of account abuse among other reasons. However, it is very important to remember that UGA will never ask for your password in an e-mail. Any MyID password refresh or update will always take place on https://myid.uga.edu/ as well. If you are ever in doubt about the legitimacy of a potential phishing e-mail, call the EITS Help Desk at (706) 542-3106.
Why can't UGA stop these e-mails?
UGA stops millions of phishing attempts, spam e-mails, and virus infected messages every day, but the methods scammers use change quickly to try and stay ahead of blocking techniques. Due to the large range of use for UGAMail, we must also be careful not to implement a filter which may block otherwise legitimate e-mail from our users.
How can I avoid phishing scams?
- Never send passwords, bank account numbers, or other private information in an e-mail.
- Avoid clicking links in e-mails, especially any that are requesting private information.
- Be wary of any unexpected e-mail attachments or links, even from people you know.
- Never enter private or personal information into a popup.
- Look for 'https://' and a lock icon in the address bar before entering any private information.
- Have an updated anti-virus program that can scan e-mail.
What should I do if I have been scammed by phishing?
Contact the organization that was the target of the scam to change any private information such as passwords or account numbers immediately. For UGA, contact the EITS Help Desk. If you suspect a bank or credit card account may have been compromised, contact that institution to check your account immediately and request a credit report. Visit the FTC web site or UGA Infosec for more information on Identity Theft.
Where can I get more information?
- Infosec: Quick and easy steps to stay safe online
- Infosec: E-mail spoofing and spamming
- Infosec: Understanding e-mail headers
- Infosec: E-mail attachment guidelines
- Scientific American article on How to Foil Phishing Scams
- FTC Phishing Site
- Wikipedia: Phishing
- http://www.antiphishing.org/
- Why Phishing Works (pdf)
