Frequently Asked Questions

Phishing

This is a high-tech scam that uses spam or pop-up messages to deceive consumers into disclosing their card numbers, bank account information, social security numbers, passwords, or other personal information. Phishers send an email or pop-up message that claims to be from a business or organization that you deal with – for example, your Internet service provider (ISP), bank, online payment service, or even a government agency. The message usually says that you need to “update” or “validate” your personal information, such as user names, passwords, credit cards, social security numbers, and bank accounts.

The email might threaten some dire consequence if you don’t respond. The email often directs you to visit a “spoofed” or fake website that looks just like a legitimate organization’s site, but it isn’t. The purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.

How can I avoid Phishing?

• While online banking and e-commerce is very safe, as a general rule, you should be careful about giving out your personal financial information over the Internet.
• Be suspicious of any email with urgent requests for personal financial information. The email may include upsetting or exciting (but false) statements to get you to react immediately and will ask for information such as usernames, passwords, credit card numbers, social security numbers, etc.
• Don't use the links in an email to get to any web page. Instead, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser.
• If you need to update your information online, use the normal process you've used before, or open a new browser window and type in the website address of the legitimate company's account maintenance page.
• If a website address is unfamiliar, it's probably not real. Only use the address that you have used before, or start at your normal homepage.
• Avoid filling out forms in email messages that ask for personal financial information.
• Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser.
• Most companies require you to log in to a secure site. Look for the lock at the bottom of your browser and "https" in front of the website address.
• Take note of the header address on the website. Most legitimate sites will have a relatively short Internet address that usually depicts the business name followed by ".com," or possibly ".org." Spoof sites are more likely to have an excessively long string of characters in the header, with the legitimate business name somewhere in the string, or possibly not at all.
• Regularly log into your online accounts.
• Regularly check your bank, credit and debit card statements to make sure that there are no non-authorized transactions. If anything looks suspicious, contact your bank and all card issuers.
• Ensure that your browser is up-to-date and security patches have been applied.
• Always report fraudulent or suspicious e-mails. Reporting instances of spoofed websites will help get them shut down before they can do any more harm.
• If you have any doubts about an email or website, contact the legitimate company directly. Make a copy of the questionable website's URL address and, send it to the legitimate business to ask if the request is legitimate.

Phish and Foul

Don’t let Internet thieves hook your personal information. Beware the pirates who go “phishing” on the Internet. They want to snag your personal financial information - hook, line, and sinker.

The newest “phishing” bait may look like a legitimate message. These thieves are “phishing” for account numbers, passwords, social security numbers, and other confidential information that they can use to loot your checking account or run up bills on your credit cards.

Here are important telephone numbers for different credit bureau’s fraud division:
Equifax 1-800-525-6285
Experian 1-888-397-3742
TransUnion 1-800-680-7289

Am I at risk??

Many people are unaware they may be vulnerable to identity theft. Take the Fraud Risk Test  to see how vulnerable you may be. Hackers are skilled at using emails to entice or alarm users to visit websites looking almost identical to the legitimate websites. Take the MailFrontier Phishing IQ Quiz.

• Fraud Risk Test
• MailFrontier Phishing IQ Quiz

Where can I go to get help with Phishing problems?

OTS is here to answer your questions. Faculty and staff should contact the OTS Help Center. Students should contact the SCS Service Desk. Additional information can be found at:

• OTS Knowledge Base Article 417
• Anti-Phising Working Group (APWG)
• Federal Trade Commission
• Federal Bureau of Investigation
   

Information Security Office
Office of Technology Services
Cook Library, 4
Hours: Monday - Friday, 8:30 a.m. to 4:00 p.m.
E-mail: infosec@towson.edu