February 8, 2013
How to avoid “phishing” scams
The University of Washington has been a target of some high-profile “phishing” attacks recently, and the Office of the UW Chief Information Security Officer is offering some tips to protect personal, financial and institutional information stored on personal computers.
What is “phishing”?
Phishing is a form of email or Internet fraud in which cybercriminals entice victims to provide personal information, including login credentials, that can be used to gain access to UW or personal systems, bank accounts and other financial assets, as well as other sensitive information. Phishing messages often include distressing or enticing statements to provoke an immediate reaction, or they may threaten consequences if you fail to respond.
What does the scam look like?
Recent phishing messages have asked recipients to click on links to phony Web pages designed to look like official UW websites, where they are then asked to “update” or “confirm” information such as UW NetIDs and passwords.
How do criminals use the information?
Cybercriminals may use the information obtained to send spam via email or social media accounts, or to gain access to UW or other systems or assets. They may also sell the information to other criminals who then infect computers with malware or misuse the information in other ways.
How can I protect myself?
Your best protection is to:
- Be skeptical about these urgent emails; do not take their recommended action.
- Do not provide any sensitive or personal information by email without first verifying with the institution that it is really the “sender.”
- Verify the legitimacy of an embedded link before following it (hover over the link to see whether the revealed Web address is a legitimate UW website or whether you are being redirected to another site).
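The hover check in the last tip, written out as a script that reads a message's HTML and lists every link whose real destination is not a UW host, whatever the visible link text says. This is an added example, not part of the original UW advisory; the list of UW domains is an assumption taken from the URLs on this page, and the sample message is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: UW domains as they appear in the URLs on this page.
UW_DOMAINS = ("washington.edu", "uw.edu")

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a href=...> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self._href, self._text = href, []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def is_uw_host(url):
    """True only if the URL's real host is a UW domain or a subdomain of one."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    # hostname drops any "user@" prefix and port, so "uw.edu@other.example" is not UW.
    host = (parts.hostname or "").lower().rstrip(".")
    # Match on a dot boundary so "washington.edu.login.example" does not pass.
    return any(host == d or host.endswith("." + d) for d in UW_DOMAINS)

def suspicious_links(html_body):
    """Return the (text, href) pairs whose destination is not a UW host."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [(text, href) for text, href in collector.links if not is_uw_host(href)]

# Constructed sample message body for illustration (not a real email).
SAMPLE = """<p>Your account will be disabled unless you confirm at
<a href="http://washington.edu.login.example/update">https://www.washington.edu/netid</a>
or <a href="http://uw.edu@phish.example/confirm">confirm here</a>.
Tips: <a href="http://uw.edu/itconnect/security/">IT Connect</a></p>"""
```

Calling `suspicious_links(SAMPLE)` returns the first two links and leaves the IT Connect link out, which is the same judgment the hover check asks a reader to make by eye.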
Where can I get more information and help?
These Web resources are available from the UW Office of the Chief Information Officer:
- Phishing Risk Advisory: http://ciso.washington.edu/resources/risk-advisories/phishing/
- “Phishing at UW” video training: http://ciso.washington.edu/resources/online-training/
The IT Connect Web site published by UW Information Technology also has additional information and tips:
- Safe and Secure Computing: http://uw.edu/itconnect/security/