MC Home - ISC Home - Securing Computing - Beware of Phishing Scams

Beware of Phishing Scams

Phishing is the fraudulent attempt to lure confidential information, such as bank account numbers, credit card numbers, PIN numbers, passwords, etc., from unsuspecting victims via e-mail, text, and phone messages.

Phishing messages appear to come from reputable institutions and web sites (e.g., banks, colleges, Facebook, LinkedIn, eBay, PayPal, etc.), and they usually instruct you take some type of urgent action to avoid a negative consequence. Below are some examples of phishing messages:

• "As this message is being sent, you have 18 megabytes (MB) or more stored in your inbox. To help us reset your space in our database, please enter your Domain/Username (_________________)  Password/Passcode (_______________)"
• "There is a problem with your account. Click on the link below to verify your account information or your account will be closed."
• "Your credit card has been deactivated. Please contact us at (555) 555-5555) to reactivate your card."
• "Your account expires in 24 hours. To revalidate your mailbox, please click on the link below. Failure to revalidate your mailbox will render your e-mail in-active from our database."

IMPORTANT! No one should ever ask for confidential information in an e-mail, text, or phone message. If you receive a phishing message, the best thing to do is to just delete it. NEVER give out personal or confidential information in response to a phishing attempt!

If you are unsure whether a message is legitimate, you can call the institution and ask. You also can research it on the Web. For example, conduct a Google search by typing in the name of the institution followed by “phishing scam” (e.g., “Citibank phishing scam”) or search the institution’s web site for information about phishing scams. (Never try to go a web site by clicking a link in the message. In a phishing message, the link will take you to a fraudulent site.)