Phishing: Don’t Get Hooked This Holiday Season

Posted: November 30, 2007 at 1:00 am, Last Updated: November 30, -0001 at 12:00 am

The Information Technology Unit Security Office would like the Mason community to be safe in cyberspace. The following message describes one of the most common e-mail scams currently in practice.

Criminals have become more creative in their attempts to obtain your sensitive and personal information. The latest attack is called phishing. Using e-mail or instant messaging, the attacker masquerades as one of your trusted institutions such as a bank, mortgage company, the IRS, PayPal, eBay or some other reputable online business. During the holidays, an increase in online shopping is the perfect setting for phishing.

Here’s how phishing works. To obtain your passwords, usernames, credit card numbers, bank accounts, social security number, birth date or other valuable information, the phishing message directs you to click on a link that will take you to the company’s web site to “confirm information.”

But beware, this is the trap! The link actually takes you to another site that only resembles your business’ web site. The company logo may be there, but this site is not actually sponsored by that business. Here, any information you provide will be collected and could be used for fraudulent purposes, including identity theft. Outcomes of such attacks can range from denial of e-mail account access to substantial financial loss and credit damage.

The best way to combat these attacks is to follow one simple rule: Never click on the link in this type of message. Instead, if you believe this to be a legitimate follow-up request, go directly to your business’ web site by typing in its main URL address.

Protect yourself from phishing — when in doubt, type it out.

Write to at