Untitled Document

Phishing e-mail prompts warning

A rogue e-mail message squeezed through ITD’s spam filter this week encouraging the recipient to provide his user log-on name and password. The message had all the appearances of an official help desk notice.

But upon further reading, the recipient recognized it as a scam.

It’s not often that such e-mail passes through the department’s filtering software, explains ITD Cyber Security Manager Forrest Anderson. But isolated instances have been reported.

E-mail and Internet users always should be suspicious of requests for identity information, even when it appears to be legitimate. If in doubt, contact the Enterprise Technology Services office, district technology staff or Anderson.

The Cyber Security manager offered the following excerpts from a notice on “Recognizing and Avoiding E-mail Scams:”

E-mail provides us a convenient and powerful communications tool. Unfortunately, it also provides scammers and other malicious individuals an easy means for luring potential victims.

The scams they attempt run from old-fashioned bait-and-switch operations to phishing schemes using a combination of e-mail and bogus Web sites to trick victims into divulging sensitive information. To protect yourself from these scams, you should understand what they are, what they look like, how they work and what you can do to avoid them. The following recommendations can minimize your chances of falling victim to an email scam:

Filter spam.
Don’t trust unsolicited email.
Treat email attachments with caution.
Don’t click links in email messages.
Install antivirus software and keep it up to date.
Install a personal firewall and keep it up to date.
Configure your email client for security.

These recommendations are explained in the section “What You Can Do to Avoid Becoming a Victim.” Ignoring them may leave you vulnerable to identity theft, information theft, the abuse of your computer for illegal activity, the receipt of bogus or illegal merchandise, and financial loss.

Phishing E-mail
Phishing e-mails are crafted to look as if they’ve been sent from a legitimate organization. These e-mails attempt to fool you into visiting a bogus web site to either download malware (viruses and other software intended to compromise your computer) or reveal sensitive personal information.

The perpetrators of phishing scams carefully craft the bogus web site to look like the real thing. For instance, an e-mail can be crafted to look like it is from a major bank. It might have an alarming subject line, such as “Problem with Your Account.” The body of the message will claim there is a problem with your bank account and that, in order to validate your account, you must click a link included in the e-mail and complete an online form.

The e-mail is sent as spam to tens of thousands of recipients. Some, perhaps many, recipients are customers of the institution. Believing the email to be real, some of these recipients will click the link in the email without noticing that it takes them to a web address that only resembles the address of the real institution.

If the e-mail is sent and viewed as HTML, the visible link may be the URL of the institution, but the actual link information coded in the HTML will take the user to the bogus site.

See complete text