Clemson Computing & Information Technology

What are phishing scams and how can I avoid them?

Phishing explained

Phishing scams are typically fraudulent email messages appearing to come from legitimate enterprises (e.g., your university, your Internet service provider, your bank). These messages usually direct you to a spoofed web site and ask you for private information (e.g., password, credit card, or other account updates). The perpetrators then use this private information to commit identity theft.

An example of a phishing attempt is an email message stating that you are receiving it due to fraudulent activity on your account, and asking you to "click here" to verify your information. For more examples, see: http://www.antiphishing.org/phishingarchive.html

How to avoid them

To avoid phishing scams, never click the links provided within these types of email messages. If you feel the message may be legitimate, go directly to the company's web site (i.e., type the real URL into your browser) or contact the company to see if you really do need to take the action described in the email message. Delete the email message from your Inbox, and then empty it from the deleted items folder to avoid accidentally accessing the web sites it points to.

You should also always read your email as plain text. Phishing messages often contain clickable images that look legitimate; by reading messages in plain text, you can see the URLs that any images point to. Additionally, when you allow your mail client to read HTML or other non-text-only formatting, attackers can take advantage of your mail client's ability to execute code, which leaves your computer vulnerable to viruses, worms, and Trojans.

Warnings

Reading email as plain text is a general best practice that, while avoiding some phishing attempts, won't avoid them all. Some legitimate sites use redirect scripts that don't check the redirects. Consequently, phishing perpetrators can use these scripts to redirect from legitimate sites to their fake sites.

Another tactic is to use a homograph attack, which, due to International Domain Name (IDN) support in modern browsers, allows attackers to use different language character sets to produce URLs that look remarkably like the authentic ones. For more information, see: http://db.tidbits.com/article/07983

Reporting phishing attempts

ALWAYS report phishing scam attempts to the CCIT Security Office at http://www.clemson.edu/ccit/safecomputing/index.html

For attempts on your personal home machines, you can report these phishing scams to the company that's being spoofed. You can also send reports to the Federal Trade Commission (FTC) at the following URL: https://rn.ftc.gov/pls/dod/wsolcq.startupZORGCODEPU01

Depending on where you live, some local authorities also accept phishing scam reports. And finally, you can send details to the AntiPhishing Working Group, which is building a database of common scams to which people can refer: http://www.antiphishing.org/
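
The two tricks described under Warnings, redirect scripts and IDN homograph hostnames, can both be checked on a link copied out of a plain-text message. The Python below is an added example, not part of the original article; the function names are hypothetical, and apart from the CCIT address the sample links are constructed.

```python
import unicodedata
from urllib.parse import urlsplit, parse_qsl

def label_scripts(label):
    """Scripts (LATIN, CYRILLIC, GREEK, ...) of the letters in one host label."""
    if label.startswith("xn--"):
        # ACE ("punycode") form of an IDN label: decode it back to Unicode.
        label = label[4:].encode("ascii").decode("punycode")
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def inspect_link(url):
    """Return warnings for one link copied out of a plain-text email."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    warnings = []
    for label in host.split("."):
        try:
            scripts = label_scripts(label)
        except UnicodeError:
            warnings.append(f"undecodable IDN label: {label}")
            continue
        if len(scripts) > 1:
            warnings.append(f"mixed-script label ({'+'.join(sorted(scripts))}): {label}")
        elif scripts and scripts != {"LATIN"}:
            # Legitimate for many sites, but worth a second look if you expected ASCII.
            warnings.append(f"non-Latin label ({'+'.join(scripts)}): {label}")
    # A query parameter holding an absolute URL on another host suggests a redirect script.
    for key, value in parse_qsl(parts.query):
        inner = urlsplit(value)
        if inner.scheme in ("http", "https") and inner.hostname and inner.hostname != host:
            warnings.append(f"parameter '{key}' redirects to {inner.hostname}")
    return warnings

# First link is the CCIT address from the article; the other two are constructed
# samples (not real sites). \u0430 is CYRILLIC SMALL LETTER A, which renders like "a".
SAMPLES = [
    "http://www.clemson.edu/ccit/safecomputing/index.html",
    "http://ex\u0430mple-bank.test/login",
    "http://www.example.edu/go?url=http%3A%2F%2Flogin.example.net%2Fverify",
]

if __name__ == "__main__":
    for link in SAMPLES:
        shown = link.encode("ascii", "backslashreplace").decode()
        print(shown, inspect_link(link) or "no warnings")
```

A clean result only means neither of these two patterns was found; it does not make a link trustworthy.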