Phishing scams are typically fraudulent e-mail messages appearing to come from legitimate enterprises (e.g., your university, your Internet service provider, your bank). These messages usually direct you to a spoofed web site and ask you for private information (e.g., password, credit card, or other account updates). The perpetrators then use this private information to commit identity theft.
An example of a phishing attempt is an e-mail message stating that you are receiving it due to fraudulent activity on your account, and asking you to "click here" to verify your information. Sometimes these messages even use the name of an organization you are a member of like HWS or a bank like Bank of America; this is called Spearing and a more complete explanation can be found in this article on the FBI's web site: www.fbi.gov/news/stories/2009/april/spearphishing_040109.
What Phishing Looks Like
To help you identify a phishing scam e-mail, this page contains actual examples of phishing messages received at HWS.
How to Avoid Phishing Scams
Microsoft provides some great tips on how to spot "phish" in this article: www.microsoft.com/security/online-privacy/phishing-symptoms.aspx
To avoid phishing scams, never click the links provided within these types of e-mail messages. If you feel the message may be legitimate, go directly to the company's web site (i.e., type the real URL into your browser, or search for the webpage in Google) or contact the company by phone to see if you really do need to take the action described in the e-mail message. Delete the e-mail message from your Inbox, and then empty it from the deleted items folder to avoid accidentally accessing the web sites to which it points.
Be aware that IT Services at HWS will NEVER ask you to verify your account information via a web link, or to respond to an e-mail with your log in credentials. In addition, official IT Services communications will always originate from the e-mail address firstname.lastname@example.org.
Reporting Phishing Attempts
You can report phishing, spam and any scam attempts to the company that's being spoofed. You may also forward any message to email@example.com. Forwarding messages allows for the HWS spam filter to “learn” what type of spam and phishing attempts may be circulating and adjust itself to better block these messages.
Some information supplied courtesy of Baylor University.