Phishing 101
Posted by: jasn [ITS Security] under Informative
May 11, 2009
Phishing
“(fish´ing) (n.) The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.”
(From www.webopedia.com)
Spotting a phishing e-mail can be fairly simple once you learn what to look for and take the time to examine any e-mails asking for personal information.
Steps to identifying a phishing scheme:
- Look for poor grammar; these e-mails are often created where English is a second or third language. They will therefore often have inverted sentences and poor spelling.
- Identify the reply-to e-mail address. If you attempt to reply, your e-mail client should display the address you will be sending the message back to. In these fake e-mails, that address will often not be related in any way to the company the sender claims to be.
- No honest and reputable company will request personal information through e-mail. E-mail is not secure and should not be used for things such as credit card information, user names, passwords, social security information, or other sensitive information. If a company requests this type of information over e-mail, you may want to reconsider your dealings with them.
These are just a few simple guidelines on what to look for when dealing with any type of electronic correspondence between yourself and a company. If you are ever in doubt, it is always best to contact the company and ask them directly whether the e-mail is legitimate. Most companies would rather have you contact them directly than have to deal with stolen information.
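For readers who filter mail for others, the reply-to and personal-information checks above can be automated. The sketch below is an added example, not part of the original post; the function names, the rule for treating subdomains as related, and both sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Items the article lists as things that should never be requested by e-mail.
SENSITIVE_TERMS = ("credit card", "user name", "password", "social security")

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if missing or malformed."""
    _, addr = parseaddr(header_value or "")
    _, at, domain = addr.rpartition("@")
    return domain.lower() if at else ""

def related(a, b):
    # Assumption: domains are related if equal or one is a subdomain of the other.
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def body_text(msg):
    """Join all text parts, lower-cased, with runs of whitespace collapsed."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return " ".join(" ".join(chunks).lower().split())

def phishing_indicators(raw_message):
    """Return findings for the reply-to and personal-information checks."""
    msg = message_from_string(raw_message)
    findings = []
    sender, reply = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    if sender and reply and not related(sender, reply):
        findings.append(f"replies go to {reply}, not {sender}")
    asked = [t for t in SENSITIVE_TERMS if t in body_text(msg)]
    if asked:
        findings.append("asks for: " + ", ".join(asked))
    return findings

# Constructed sample messages (not real mail); all domains are placeholders.
SUSPICIOUS = """From: "Example Bank" <service@examplebank.example>
Reply-To: verify@freemail.example

Dear costumer, please to reply with you password and credit card number.
"""
LEGITIMATE = """From: Example Bank <news@examplebank.example>
Reply-To: support@mail.examplebank.example

Your statement is ready. Sign in on our website to view it.
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(name, phishing_indicators(raw))
```

A message with no findings is not proven safe; these checks only cover two of the guidelines and say nothing about grammar or links.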
To see examples of actual phishing scam e-mails, see our section on Scams.
Be Safe/Be Smart
jasn
Iowa Telecom
