Phishing is a high-tech scam that uses spam to deceive consumers into disclosing their credit card numbers, bank account information, Social Security numbers, passwords, and other sensitive information. Phishing emails pretend to be from individuals or businesses that the potential victims deal with. The fraudsters tell recipients that they need to "update" or "validate" their accounts to keep them active, and direct them to a "lookalike" website of the legitimate business, tricking consumers into thinking they are responding to a bona fide request. Unknowingly, the recipients submit their personal information – not to the businesses – but to the scammers, who use it to log into other's accounts to order goods and services and obtain credit.
Never respond to an email that asks for personal information such as credit card number, PINs, social security number, date of birth, password, etc. If you receive an email asking you for that information, delete it without clicking on any links.
Here are some tips to help you recognize a phishing attempt:
- Legitimate institutions do not send emails that ask customers to click on links or provide personal information.
- Look at the return email address. The From field might say it's from the Helpdesk, but the actual email address listed is from somewhere else.
- Misspellings and grammar mistakes.
- Urgency: most phishing attempts will mark their emails as urgent or tell you that you must click on a link immediately.
- False Links: place your cursor over a suspicious link in the email, but don't click on it. A pop-up window will appear with the real web address. In phishing emails, this address rarely matches what's displayed in the email.
Some good websites that contain information on how to identify phishing attempts are:
- About.com's Guide to Recognize Identity Theft Scams - Spotting a Phishing Email, located at http://idtheft.about.com/od/preventionpractices/ss/phishing_scams.htm.
- Miami University and Community Credit Union's Tips for Spotting Fraudulent ("Phishing") Email, located at https://www.muccu.org/help-tutorials/security-tips/tips-for-spotting-fraudulent-(phishing)-email.aspx.
- Watching the Net's Tips On Spotting Fake Emails And Phishing Attempts And How Not To Be Fooled, located at http://www.watchingthenet.com/fake-email-phishing-attempts-and-identity-theft.html.
If you are concerned about the legitimacy of an email, please contact the Technology Service Desk at email@example.com.
If you have clicked on a dubious link, please go to the Georgetown NetID Password Management System, located at https://password.georgetown.edu, and change your password immediately.