Can You Outsmart a Phishing Attack?

Posted: March 6, 2008 at 1:00 am, Last Updated: November 30, -0001 at 12:00 am

The Information Technology Unit Security Office continues its ongoing efforts to keep the Mason community safe in cyberspace. The following message takes a deeper look at one of the most common and successful e-mail scams.

Could you recognize a phishing attack in your e-mail if it came from a trusted source such as your bank or Internet service provider? Suppose you received an e-mail that began: “Dear (your bank name) Customer, during our annual review of accounts, we were unable to verify your current on-line information…”

Using elaborately crafted attacks, criminals are now using respected business names against consumers to obtain sensitive financial and personal information. Following are some clues to fraud.

  • Legitimate businesses do not send out non-personal e-mails regarding an individual account. Beware of the “Dear PayPal Customer” introduction.

  • Fraudulent businesses reference partial account numbers that are common to all in that category. All Visa accounts begin with a 4, and MasterCard accounts begin with a 5.
  • Legitimate businesses never ask a customer to click on a link in their e-mail, but rather direct you to visit their web site. If you were to roll the mouse across an embedded link in a fraudulent e-mail, the address (revealed at the bottom left of the page) would not match the legitimate business web site.

Protect yourself from identity theft, financial loss and credit damage. The safest policy to follow is never to click on the link in your e-mail or instant message account. Always go directly to the main URL address. When in doubt, type it out.

Write to at