Office Hours
|
|
M-F 8am-Noon, 1pm-5pm
|
ISO Main #'s
|
|
Phone: 972-883-6810
|
|
Fax: 972-883-6865
|
Physical Location:
|
|
Jonsson Bldg. (JO)
|
|
3.540 - 3.552
|
Mail Station: JO43
|
Directions to UT Dallas
|
|
Phishing Explanation & Examples
What is Phishing?
Phishing
is a form of theft where the intent is to steal your valuable personal
data, such as Social Security numbers, credit card numbers, passwords,
account data, or other information.
Why is it dangerous?
Regardless of which
story the phishers use, if you fall prey to a phishing email, the end
result may be unauthorized purchases using your credit card or an empty
bank account or other financial account. Identity theft is also a very
common result of phising scams.
How does it work?
A phisher will send you an
email, an instant message or sometimes call you on the phone. The
message may appear to come from a friend, a business (your bank), a
government agency (the IRS), or some other entity. Common phishing
scams typically claim to be credit card companies, banks, and major
online retailers such as eBay, PayPal, and Amazon, as well as social
networking sites like MySpace. Some phishing attempts are easy to
identify because they claim to come from businesses or companies that
you have never dealt with; others may be more difficult to identify,
since they appear to originate from entities with which you do business.
A phishing message may indicate that the entity had problems with their
computers or data and that they simply need to verify your account
information so you won’t be inconvenienced next time you try to use
their services. The email message might suggest that a suspicious
purchase was made using your credit card, and that if you did not make
this purchase, you need to contact them by using the link included in
the email. Another example is a message claiming that you have just won
the lottery, that you should go to the secure web link provided, enter
your bank account information and they will deposit your winnings into
your account. Another variation might be an email claiming to be from
the IRS claiming that due to an accounting error, you are owed a
refund. They ask that you go to a website and enter your banking
information so that they can process the refund.
How can I tell if an email is a phishing attack?
Many phishing scams are very hard to detect. However, here are a few tips to help you determine if a mail is a phishing scam.
- Phishing
scam emails often use poor grammar and spelling. They often appear to
be written by someone who is not proficient with the English language.
- Remember that legitimate businesses should NEVER ask for personal or financial information via email.
- Legitimate
businesses should not threaten consequences for not sending personal or
financial information via email. Phishers often threaten to close
accounts or turn off access to services if you do not send them the
information they request in the email. This is not how legitimate
companies do business.
How do I protect myself from phishing attacks?
Remember, legitimate businesses should NEVER ask you for your personal or financial information via email.
If it appears to be a phishing email, simply delete it.
Do not click on any links listed within the email message, and do not
open any attachments contained within the email. Many phishing messages
and sites not only attempt to get your personal information, they may
also attempt to install malicious code on your computer.
Do not enter personal information in a pop-up screen. Legitimate
companies, agencies, and organizations don’t ask for personal
information via pop-up screens. If you get an email or phone call from
a company posing as a company that you do business with, take the name
and phone number of the person calling. Tell them that you cannot talk
now. Look up the contact information of the business and contact them
independently to verify the legitimacy of the phone call. If the call
was not legitimate, email [email protected] and relay the
information.
Review your credit card and bank statements, along with bills from any
other companies with which you do business, looking for unauthorized
charges or withdrawals. Choose strong passwords for your accounts, do
not use the same password for every account and most importantly never
save it in your browser. Remember that if you conduct business on the
Internet, always make sure that the site you use to enter payment
information is secure.
What else can I do to protect myself from identity theft and other forms of online fraud?
- Protect your passwords!
-
Do not share them with anyone, ever (including Professors and Information Resources staff)!!!
- Never login with another person’s password.
- Choose difficult to guess passwords, also referred to as strong passwords.
- Use alpha, numeric and special characters.
- Change the password every semester.
- Watch out for shoulder surfers (people who watch over your shoulder when you type in your passwords).
Tips for creating strong passwords
- Don’t use dictionary words (in any language.)
- Don’t use personal information (favorite sports team.)
- The longer the better, use at least 8 characters.
- Use UPPER and lower case.
- Use numbers and special characters ($,^,!)
- Use passphrases. “I can’t wait to finish school” becomes “1Cw2fskool!”
- Make
sure you have accepted and installed all critical patches for the
operating system (OS) on your computer. If you need assistance with
this, please contact the UTD Helpdesk at 972-883-2911.
- Do it on a regular basis.
- Windows machines- weekly.
- MAC & Unix machines- monthly.
- Most operating systems have auto update features.
- UTD Helpdesk has CDs with all the latest patches and anti-virus available.
- An un-patched machine will be compromised.
- Make
sure your antivirus software is fully updated. If you need assistance
with this, please contact the UTD Helpdesk at 972-883-2911.
- McAfee is provided FREE for UTD students on all machines they use to connect to the UTD network.
- Configure McAfee to automatically look for and install updates.
- Scan for viruses monthly.
- Adware is also detected.
- Always lock or log off of your computer before walking away from it!
Phishing Examples
From: UPGRADE EMAIL ACCOUNT [mailto:upgrade@xxxxxxxxx]
Sent: Wed 10/29/2008 1:02 AM
To: undisclosed-recipients
Subject: DEAR: EMAIL ACCOUNT OWNER!!
DEAR: EMAIL ACCOUNT OWNER.
We wish to inform you that we are undergoing account data upgrading,
inorder for your email account to be verify and remain active,you are
to reply this message and enter your email ID and password in the space
provided (...............), You are required to do this within the next
24hrs of receipt of this e-mail, or your email Account will be
de-activated and erased from our database.
Thank you for using our Webmail Service.
WARNING: Account deleted from Web Mail data base will not be accessible via other email clients.
END
Please be vigilant and protect your account information.
Thanks.
|
Dear , As a
result of your dedication to scholarly success in University of Texas
at Dallas, North America Scholar Consortium extends to you an
invitation to apply for membership in the NASC Honor Society.
Membership application is by invitation only; therefore, membership is
a special honor afforded to a small group of outstanding students.
Membership applications are available at
http://www.xxxxxx.org/member/inv/NNNNNN/. Please use your assigned
invitation code when you apply.
Invitation Code: NNNNNNNN
To learn more about the opportunities that accompany NASC Honor Society
membership, please visit http://www.xxxxxx.org for more information. I
encourage you to seize this valuable and rewarding opportunity and look
forward to seeing your name among the next list of new NASC Honor
Society members!
Sincerely,
Louis XXXXXXX
President 2009-2010
NASC Honor Society
|
From: HHHHHHHH. [mailto: HHHHHHHH @CW.xxx]
Sent: Thu 10/30/2008 9:38 AM
To:
Subject: New Campus Communication Tool
Student Account Registration:
We have implemented a new online instant messenger and course note
sharing system for the 2008-2009 school year. This new initiative has
been headed up by CW.xxx; its goal is to help our students meet their
fellow classmates and exchange information. Through this new online
system, students will be able to share questions and course material
with their peers. We encourage you to create your account in order to
help us better understand your needs as a student.
ACTIVATE YOUR ACCOUNT AT: http://www.CW.xxx
Sincerely,
HHHHHHHH J.
CW.xxx Campus Representative
|
From: VC
Date: Sun, Dec 7, 2008 at 8:20 AM
Subject: Job Offer
To:
Dear ,
Do you want to participate in the greatest Mystery Shopping quests
nationwide? Have you ever wondered how Mystery Shoppers are recruited
and how prosperous companies keep up doing business in the highly
competitive business world? The answer is that many companies are
recruiting young, creative, observant, and responsible individuals like
you to give their feedback on various products and customer services
and thus improve their quality.
As a Mystery Shopper you have only one responsibility: Act as a real
customer while evaluating the place you are sent to mystery shop and
enjoy all the benefits that go along with your job. Remember that you
have nothing to lose, because you are awarded generously for your
efforts:
-You get paid between $10 and $40 per hour for each mystery shopping assignment;
-You keep all things that you have purchased for free;
-You watch movies, eat in restaurants, and visit amusement parks for free;
-You are turning your most enjoyable hobby into a well-paying activity.
Be aware that as a Mystery Shopper you can earn on average $100 to $300
per week. The most experienced and hard-working shoppers earn up to
$500 weekly. This well-paying job gives you the possibility to visit
and observe shops, restaurants, banks, movie theaters, etc. in order to
find their flaws and help their owners correct and improve them. You
can be a Mystery Shopper whenever you have time, because there is no
fixed timetable and you are not obliged to take all the assignments
offered.
If you are interested and would like to give a shot to this intriguing
job offer, just write me back and I will provide you with more
pertinent information.
Good Luck,
VC
Recruitment Coordinator
|
|
This area here left blank
|