Information Resources
The University of Texas at Dallas
 
Information Security Office Logo
Identity Finder

Office Hours
  M-F 8am-Noon, 1pm-5pm
ISO Main #'s
Phone: 972-883-6810
Fax: 972-883-6865
Physical Location:
Jonsson Bldg. (JO)
3.540 - 3.552
Mail Station: JO43
Directions to UT Dallas

Phishing Explanation & Examples


What is Phishing?

Phishing is a form of theft where the intent is to steal your valuable personal data, such as Social Security numbers, credit card numbers, passwords, account data, or other information.

Why is it dangerous?

Regardless of which story the phishers use, if you fall prey to a phishing email, the end result may be unauthorized purchases using your credit card or an empty bank account or other financial account. Identity theft is also a very common result of phising scams.

How does it work?

A phisher will send you an email, an instant message or sometimes call you on the phone. The message may appear to come from a friend, a business (your bank), a government agency (the IRS), or some other entity. Common phishing scams typically claim to be credit card companies, banks, and major online retailers such as eBay, PayPal, and Amazon, as well as social networking sites like MySpace. Some phishing attempts are easy to identify because they claim to come from businesses or companies that you have never dealt with; others may be more difficult to identify, since they appear to originate from entities with which you do business.

A phishing message may indicate that the entity had problems with their computers or data and that they simply need to verify your account information so you won’t be inconvenienced next time you try to use their services. The email message might suggest that a suspicious purchase was made using your credit card, and that if you did not make this purchase, you need to contact them by using the link included in the email. Another example is a message claiming that you have just won the lottery, that you should go to the secure web link provided, enter your bank account information and they will deposit your winnings into your account. Another variation might be an email claiming to be from the IRS claiming that due to an accounting error, you are owed a refund. They ask that you go to a website and enter your banking information so that they can process the refund.

How can I tell if an email is a phishing attack?

Many phishing scams are very hard to detect. However, here are a few tips to help you determine if a mail is a phishing scam.

  • Phishing scam emails often use poor grammar and spelling. They often appear to be written by someone who is not proficient with the English language.
  • Remember that legitimate businesses should NEVER ask for personal or financial information via email.
  • Legitimate businesses should not threaten consequences for not sending personal or financial information via email. Phishers often threaten to close accounts or turn off access to services if you do not send them the information they request in the email. This is not how legitimate companies do business.

How do I protect myself from phishing attacks?

Remember, legitimate businesses should NEVER ask you for your personal or financial information via email.

If it appears to be a phishing email, simply delete it.

Do not click on any links listed within the email message, and do not open any attachments contained within the email. Many phishing messages and sites not only attempt to get your personal information, they may also attempt to install malicious code on your computer.

Do not enter personal information in a pop-up screen. Legitimate companies, agencies, and organizations don’t ask for personal information via pop-up screens. If you get an email or phone call from a company posing as a company that you do business with, take the name and phone number of the person calling. Tell them that you cannot talk now. Look up the contact information of the business and contact them independently to verify the legitimacy of the phone call. If the call was not legitimate, email [email protected] and relay the information.

Review your credit card and bank statements, along with bills from any other companies with which you do business, looking for unauthorized charges or withdrawals. Choose strong passwords for your accounts, do not use the same password for every account and most importantly never save it in your browser. Remember that if you conduct business on the Internet, always make sure that the site you use to enter payment information is secure.

What else can I do to protect myself from identity theft and other forms of online fraud?

  1. Protect your passwords!

    • Do not share them with anyone, ever (including Professors and Information Resources staff)!!!
    • Never login with another person’s password.
    • Choose difficult to guess passwords, also referred to as strong passwords.
    • Use alpha, numeric and special characters.
    • Change the password every semester.
    • Watch out for shoulder surfers (people who watch over your shoulder when you type in your passwords).

    2. Tips for creating strong passwords
    • Don’t use dictionary words (in any language.)
    • Don’t use personal information (favorite sports team.)
    • The longer the better, use at least 8 characters.
    • Use UPPER and lower case.
    • Use numbers and special characters ($,^,!)
    • Use passphrases. “I can’t wait to finish school” becomes “1Cw2fskool!”

  2. Make sure you have accepted and installed all critical patches for the operating system (OS) on your computer. If you need assistance with this, please contact the UTD Helpdesk at 972-883-2911.

    • Do it on a regular basis.
      • Windows machines- weekly.
      • MAC & Unix machines- monthly.
    • Most operating systems have auto update features.
    • UTD Helpdesk has CDs with all the latest patches and anti-virus available.
    • An un-patched machine will be compromised.

  3. Make sure your antivirus software is fully updated. If you need assistance with this, please contact the UTD Helpdesk at 972-883-2911.

    • McAfee is provided FREE for UTD students on all machines they use to connect to the UTD network.
    • Configure McAfee to automatically look for and install updates.
    • Scan for viruses monthly.
    • Adware is also detected.

  4. Always lock or log off of your computer before walking away from it!

Phishing Examples


From: UPGRADE EMAIL ACCOUNT [mailto:upgrade@xxxxxxxxx]
Sent: Wed 10/29/2008 1:02 AM
To: undisclosed-recipients
Subject: DEAR: EMAIL ACCOUNT OWNER!!

DEAR: EMAIL ACCOUNT OWNER.

We wish to inform you that we are undergoing account data upgrading, inorder for your email account to be verify and remain active,you are to reply this message and enter your email ID and password in the space provided (...............), You are required to do this within the next 24hrs of receipt of this e-mail, or your email Account will be de-activated and erased from our database.

Thank you for using our Webmail Service.

WARNING: Account deleted from Web Mail data base will not be accessible via other email clients.

END

Please be vigilant and protect your account information.

Thanks.
Dear ,
As a result of your dedication to scholarly success in University of Texas at Dallas, North America Scholar Consortium extends to you an invitation to apply for membership in the NASC Honor Society. Membership application is by invitation only; therefore, membership is a special honor afforded to a small group of outstanding students.

Membership applications are available at http://www.xxxxxx.org/member/inv/NNNNNN/. Please use your assigned invitation code when you apply.

Invitation Code: NNNNNNNN

To learn more about the opportunities that accompany NASC Honor Society membership, please visit http://www.xxxxxx.org for more information. I encourage you to seize this valuable and rewarding opportunity and look forward to seeing your name among the next list of new NASC Honor Society members!

Sincerely,
Louis XXXXXXX
President 2009-2010
NASC Honor Society

From: HHHHHHHH. [mailto: HHHHHHHH @CW.xxx]
Sent: Thu 10/30/2008 9:38 AM
To:
Subject: New Campus Communication Tool

Student Account Registration:

We have implemented a new online instant messenger and course note sharing system for the 2008-2009 school year. This new initiative has been headed up by CW.xxx; its goal is to help our students meet their fellow classmates and exchange information. Through this new online system, students will be able to share questions and course material with their peers. We encourage you to create your account in order to help us better understand your needs as a student.

ACTIVATE YOUR ACCOUNT AT: http://www.CW.xxx

Sincerely,

HHHHHHHH J.
CW.xxx Campus Representative

From: VC
Date: Sun, Dec 7, 2008 at 8:20 AM
Subject: Job Offer
To:

Dear ,
Do you want to participate in the greatest Mystery Shopping quests nationwide? Have you ever wondered how Mystery Shoppers are recruited and how prosperous companies keep up doing business in the highly competitive business world? The answer is that many companies are recruiting young, creative, observant, and responsible individuals like you to give their feedback on various products and customer services and thus improve their quality.

As a Mystery Shopper you have only one responsibility: Act as a real customer while evaluating the place you are sent to mystery shop and enjoy all the benefits that go along with your job. Remember that you have nothing to lose, because you are awarded generously for your efforts:

-You get paid between $10 and $40 per hour for each mystery shopping assignment;
-You keep all things that you have purchased for free;
-You watch movies, eat in restaurants, and visit amusement parks for free;
-You are turning your most enjoyable hobby into a well-paying activity.

Be aware that as a Mystery Shopper you can earn on average $100 to $300 per week. The most experienced and hard-working shoppers earn up to $500 weekly. This well-paying job gives you the possibility to visit and observe shops, restaurants, banks, movie theaters, etc. in order to find their flaws and help their owners correct and improve them. You can be a Mystery Shopper whenever you have time, because there is no fixed timetable and you are not obliged to take all the assignments offered.

If you are interested and would like to give a shot to this intriguing job offer, just write me back and I will provide you with more pertinent information.

Good Luck,
VC
Recruitment Coordinator

This area here left blank