Phishing & Identity Theft Scams

Phishing is an attempt to gain access to your confidential information (passwords, usernames, bank accounts, PINs, etc.) by posing as a trustworthy organization.  Examples of sites often impersonated by phishers include financial institutions (your bank, PayPal), ecommerce sites (Amazon, eBay), social media sites (Facebook, Twitter) and even Whitman College. Phishers may ask you to respond by reply email, by filling out a form on a website, or by calling a phone number.  Frequently, they'll claim you've won a prize or threaten you with some action, such as deletion of your account, if you do not respond.

The most common form of phishing email attempts to dupe the receiver into clicking a link to a fraudulent website, where the victim is asked to enter personal information.

 

Other conventional ploys: "Please click to verify your account." "You have won one million dollars."  "Your account will be deactivated if you don't respond within x hours." 

So how do you tell phishing messages apart from legitimate email?

Identifying a phishing message

The following is an example of a real phishing message sent to Whitman users that is full of fraudulent email indicators. Look at the legend below the image for more information.

  1. A 'From' address that doesn't look right. From addresses can be easily falsified, so take these with a grain of salt. That said, careful inspection of the From properties can indicate something's up, such as the non-Whitman address listed here.
  2. 'To' address shenanigans. There are several ways the To address can indicate something's off:
  3. Generic greeting. Most legitimate institutions have your information on file and will address you by name. A "Dear Valued Customer" salutation is suspect. However, phishers can mine public records and social networking sites for your personal details, so don't assume a message is safe just because it contains your name or other trivia.
  4. Threats or limited offers that create a sense of urgency or anxiety. Fraudsters rely on your acting on impulse or in fear to override the warning signs you might have noticed, albeit subconsciously. If you ever get a message like this and it looks legitimate, please contact Technology Services for verification before proceeding.
  5. Mistakes in grammar or spelling. Real organizations do mess up, but if the message is so full of errors your elementary school teacher wouldn't accept it, it's likely a scam.
  6. Links to unrecognized or slightly misspelled sites. Most email fraud uses malicious links as it's relatively easy to craft a fraudulent web page that looks legitimate, and criminals can install malware simply by having you visit a malicious page.

    The best way to stay safe with links in email is to "Hover before you click!"  Look at the link and see if it makes sense. There are a couple of things to look for:
    1. If the mail claims to be from Whitman, but the link points to a different site, as in this example, it's probably not legitimate. You can always contact the purported sender for verification first.
    2. Variations of legitimate site names are another common strategy. Some examples would be www.whtman.com, www.verify-whitman.edu, or www.whitmane.du.
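
The two link checks above can also be run automatically over the HTML body of a reported message. The script below is an added example, not part of the original article: it assumes whitman.edu is the legitimate domain, the function names are illustrative, and the sample message body is constructed.

```python
from difflib import get_close_matches
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "whitman.edu"  # assumption: the domain genuine mail should link to

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname without a leading www.; a missing scheme is tolerated."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def check_link(href, text):
    """Return warnings for one link; an empty list means nothing was flagged."""
    target, brand, warnings = host_of(href), TRUSTED.split(".")[0], []
    if "." in text and " " not in text and host_of(text) != target:
        warnings.append("text shows one site, link goes to another")
    if target != TRUSTED and not target.endswith("." + TRUSTED):
        # A label that contains or nearly spells the trusted name is a lookalike.
        near = any(get_close_matches(p, [brand], cutoff=0.8) for p in target.split("."))
        warnings.append("lookalike domain" if brand in target or near else "outside domain")
    return warnings

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return [(href, check_link(href, text)) for href, text in parser.links]

# Constructed sample body; the lookalike names are the ones listed above.
SAMPLE = ('<a href="http://www.whtman.com/login">www.whitman.edu</a> '
          '<a href="https://www.verify-whitman.edu/">Verify your account</a> '
          '<a href="http://www.whitmane.du">click</a> '
          '<a href="https://www.whitman.edu/help">Help</a>')
for href, warnings in scan(SAMPLE):
    print(href, "->", warnings or "ok")
```

A link reported as "outside domain" is not necessarily malicious; it only means the target is not under the trusted domain and deserves a second look.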

Phishing Precautions

General Security

Email is not a secure form of communication, as messages can be intercepted in transit.

Viruses

Emailed attachments can come bundled with viruses.  Downloading an attachment, even one with a harmless name, can infect your computer.  Only open attachments if you trust the source.  Many people choose only to open attachments that they have confirmed through verbal communication with the sender.

Non-malicious spam (an oxymoron?)

Unsolicited bulk email messages can fill up your mailbox and become extremely frustrating.  To avoid this predicament:

