Phishing
...
Attention Campus Community:
A growing threat to corporate and campus network
system security and user privacy worldwide is the rise of
so-called "phishing" schemes. These schemes take
the form of spoofed, mass-delivered email messages
designed to impersonate banks, credit bureaus, or online payment
brokers and fool recipients into divulging personal financial
information. By hijacking the trusted brands of well-known
banks, online retailers and credit card companies, phishers
are able to convince recipients to respond to them.
Some phishing mail is detected by spam software, but most
of this type of mail does not get detected because the spoofed
address is a legitimate address and the message does not contain
typical spam keywords. When we become aware of a phishing
report, we report it to the AntiPhishing Organization at www.antiphishing.org.
We ask the campus community to recognize that this type
of email will continue to be sent and that the most effective action
you can take to protect yourself against identity theft is
not to take any of the actions requested in the message.
Industry leaders are working on ways to protect networks
against phishing schemes. As we become aware of new options
available to us, we will attempt to implement them. Until
then, our solution is to keep educating everyone about the
schemes, encourage everyone not to respond to these types of
e-mail solicitations, and report the schemes to the AntiPhishing
Organization (www.antiphishing.org).
What is Phishing?
Phishing is the creation of a legitimate-looking
email that asks for an update or confirmation of personal
data. That is, it appears to be from a well-known company.
For example, Citibank, eBay, and SunTrust have had their image
used multiple times for phishing schemes. The bait used is
the combination of a legitimate-looking email and web page
combined with language that has a sense of urgency or paints
a threatening condition. Below is an excerpt of one of the
spoofed messages:
What does the email look like?
"We have recently reviewed
your account, and suspect your Citibank Internet Banking account
may have been accessed by an unauthorized third party. Protecting
the security of your account and the Citibank network is our
primary concern. Therefore, as a preventative measure we have
temporarily limited access to sensitive account features.
To restore your account access,
please take the following steps to ensure that your account
has not been compromised..."
The message goes on to include instructions on how to log in
to a website (a link is included in the message) and provide
account, PIN, reset password, etc.
Spoofed emails generally include
a link to a "spoofed web site." Clicking on the
link can initiate an installation of key logging software
or viruses.
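The following is an added example, not part of the original notice. It shows one check a mail administrator could run on a message like the one above: compare the domain in the From: address with the hosts of the links in the HTML body. The function names, the sample message and its addresses are constructed for illustration, and reducing a host to its last two labels is a simplifying assumption.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect the href targets of <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def base_domain(host):
    # Assumption: last two labels only; production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def mismatched_links(raw_message):
    """Return link hosts that do not belong to the From: header's domain."""
    msg = email.message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    sender = base_domain(addr.rpartition("@")[2])
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            collector.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    hosts = [urlsplit(h).hostname or "" for h in collector.hrefs]
    return [h for h in hosts if h and base_domain(h) != sender]

# Constructed sample: the From: address looks legitimate, but one link leaves that domain.
SAMPLE = (
    "From: Citibank <support@citibank.com>\n"
    "Subject: Account access limited\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    '<p>To restore your account access, '
    '<a href="http://citibank-secure.example/login">sign in</a>.</p>\n'
    '<p><a href="https://www.citibank.com/">Citibank</a></p>\n'
)

if __name__ == "__main__":
    print(mismatched_links(SAMPLE))
```

A non-empty result is a reason to look closer, not proof of phishing, since legitimate senders also link to third-party hosts.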
What are they Phishing for?
Phishing expeditions are looking
for a big catch, such as passwords, PINs, credit card validation
codes, ATM/debit or credit card numbers, social security numbers,
and/or bank account numbers.
Even if you don't provide the
information that is being requested, simply clicking on the
link could subject you to background installations of key
logging programs and other equally threatening programs.
What can I do to protect
myself?
- Don't open suspicious emails
or click on links contained in those emails
- Do not provide sensitive
information via email (even if requested). Call
the requestor and verify.
- Keep Antivirus software installed
and current
- Keep OS and Applications
patched
- Use anti-Spyware/Adware software
- Use a firewall
Where can I find more information?
Excellent resource http://www.citibank.com/domain/spoof/learn.htm