More Phishing Emails on the Loose

Please take the time to read this post in full – it could save you a lot of bother.

CONTENTS

  1. PHISHING EMAILS
  2. WHAT IS “PHISHING”?
  3. SOME GUIDANCE
  4. NEED HELP?
  5. LEARN MORE

1. PHISHING EMAILS
Yet again the University has received hundreds (possibly thousands) of fake emails trying to steal people’s passwords and personal information. These fake emails are known as “Phishing Emails”.

2. WHAT IS “PHISHING”?
Here is an extract from Wikipedia (I have added line breaks to make it easier to read):

[ BEGINS ]
“Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.

Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public.

Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies.

Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.”
[ ENDS ]

Phishing attacks can be very sophisticated and will get harder to spot as time goes on – so be on your guard.

3. SOME GUIDANCE
a. Beware of fake emails and websites trying to steal your passwords and personal information.
b. If you respond to a phishing attack, your account may be abused, causing you untold problems.
c. Never reveal your password to anyone, not even IT staff.
d. Use some common sense.
e. If you are unsure, do not be afraid to ask for help.

4. NEED HELP?
You can always email the IT Office at any time or come and see us during office hours to discuss matters like Phishing. We would rather answer the same question ten times than have to clean up an avoidable mess.

5. LEARN MORE
If you get an email asking for your personal information and you believe that it is bogus, we encourage you to forward the message to IT Services (phishing@it.ox.ac.uk), together with the message’s Full Headers.

What you can do to help:
http://help.it.ox.ac.uk/email/phishing/index#howtohelp

How to view full headers of an email:
http://help.it.ox.ac.uk/email/headers/index

More information about Phishing attacks can be found here:
http://help.it.ox.ac.uk/email/phishing/index

Think you can outsmart Internet scammers?
Can you tell the difference between a legitimate website and one that’s a phishing attempt? Take this quiz from OpenDNS to find out:
http://www.opendns.com/phishing-quiz/

Many thanks for taking the time to read this – I hope you have found it helpful.

[Ed. Hyperlinks checked and updated – 1 December 2014]