In January 2008 there were 29,284 reported phishing scams, an increase of over 3,600 reports from the previous month. Because phishing continues to plague the United States, and the month of October is dedicated to raising cyber-security awareness, this column is an information update about phishing. The best defense against phishing is to understand the potential ways a criminal might try to obtain your private data, including some more refined phishing tools.
Phishing is a technique criminals use to gain their victim’s trust by sending a convincing e-mail message or leaving an official-sounding phone message to pose as a legitimate organization—like a bank, employer, or government agency.
The criminal often suggests there is a problem with the victim’s account or service. The victim, persuaded by the legitimate looking or sounding come-on that they are dealing with a trusted organization, divulges private information, such as a date of birth, account number, or password. The data thief can then use this information for criminal activities, such as stealing the individual’s identity, draining their bank accounts, or accessing other private information.
A newer phishing technique is the use of voice mail messages purporting to be a legitimate organization. Criminals leave an alarming message with a toll free number to call. When the victim calls the number, they are prompted to confirm their identity.
More worrisome, are the new “spear phishing” attacks, which target and personalize the message to a specific individual. Because it’s so personal, spear phishing makes the attack appear even more legitimate, making the need for broad consumer education about phishing more urgent than ever.
- OIT and other AU organizations will never ask for your password by e-mail or phone message.
- Treat all such requests with high suspicion.
- If you receive a message from someone purporting to be your bank, employer, or other trusted organization, double check the correct number on correspondence from the organization or their Web site.
OIT continuously works to improve AU’s e-mail filters and catch phishing attempts that are sent electronically. Our voice mail system is also protected as much as possible from criminal attacks.
For more information about phishing and tips on how to protect yourself and your data, click here, then go to Information Security and look for Security Tips.
Please contact the IT Help Desk at 202-885-2550, e-mail firstname.lastname@example.org or on instant messenger at AskAmericanUHelp for assistance and further information.
The fall 2008 IT Newsletter is available online here.
Check for outages and scheduled maintenance on AU systems here.