Phishing Attacks at Mason on the Rise

Posted: April 13, 2010 at 1:03 am, Last Updated: April 12, 2010 at 2:35 pm

The following information was provided by the Information Technology Unit.

Phishing is a means of compromising one’s identity, financial information or business security by the use of cyber fraud.

With the growth and sophistication of phishing attacks in recent years (estimated now at more than eight million attacks per day worldwide), the number of phishing messages that successfully pass through Mason’s spam filter has been on the rise.

Awareness, as a result, has become our best defense to fight off the phishing threat. Following are Mason’s Six Steps to Fight Phishing:

1. Be wary of e-mail communications that request confidential information.
Passwords, usernames, PINs, SSNs and account numbers are not to be shared.
In this day and age, legitimate companies (like Mason) never ask for this type of information via e-mail.

2. Question the “scare tactic” communication.
Phishers love to pressure victims into providing information. Account closures, service delays and loss of access are all typical threats used to elicit a quick reaction and are not normal practices for real organizations.

3. Be alert to the “generic” communication.
Impersonal addresses like “Dear GMU User” are an indication of a mass mailing. Companies for which a legitimate business relationship has been established will reference a name or account number to authenticate the communication.

4. Avoid clicking active links without first verifying the full address.
Links can be displayed in any manner the writer chooses. To help determine the actual address, roll the cursor over the link and read the corresponding address in the bottom left corner of the screen. The safest way, though, is to open a browser and type the known URL for the company directly into the address bar, avoiding the link embedded within the e-mail altogether.

5. Keep software up-to-date and perform scans on a regular basis.
Anti-virus, spyware, firewall and anti-spam programs can all help to protect against phishing threats. But even these tools need regular updates to be most effective.

6. Delete e-mails from unknown Internet addresses.
When the legitimacy of an electronic communication is in doubt, the best policy always is to contact that organization directly—either by a phone call or a direct visit to the web site (typing out the URL address in the browser’s window).

Help Mason protect our community by following these guidelines.
