Sea Creatures in your Email?

We recently received yet another email from the IT Helpdesk informing us that more “phishing” emails have been getting into NOVA email boxes. So what is “phishing”, why is it bad, and what do we do about it?

“Phishing” describes methods employed by scammers to get you to divulge your personal information, like your social security number, credit card number, or the logins and passwords to websites you frequent. It’s called “phishing” because it’s like “fishing”…the scammers are throwing out lots of lines and hoping someone bites. No matter how convincing they sound, they don’t know who you are and they don’t know anything about you. You are not being targeted specifically; they got your email off the internet one way or another and you are just one of millions of people they emailed. But if you “bite”, then the scammer has phished successfully. Why the “ph” in “phishing”? No idea. Maybe it just looks cooler.

Email phishing involves email messages designed to make you give up some personal information. One of the best-known scams is the Nigerian Letter scam, in which the usual story is that a person, often a government or bank employee, knows of a large amount of unclaimed money or gold which he cannot access directly. The scammer begs you to help him claim this money and offers a reward. This is also called the “advance-fee” fraud, and though most of us know we aren’t really being emailed by a rich foreign government official in exile, this scam can take many other forms. If someone makes you any kind of offer that involves wiring money or sending you a check to cash on their behalf, be suspicious. Do not trust any links or phone numbers in these emails; these will all lead you to false information.

Some scammers even make the email sound like a cry for help from a friend or relative of yours (they do this by hacking your friend’s email account and sending messages to all of the contacts). Never ever send money (especially through a wiring service) to someone who emailed you without calling them personally to see if they really sent the message.

The most recent phishing attempt at NOVA informed users that their email box was over the storage space limit, and asked the user to click a link to “fix” the problem. The email appeared to come from NOVA IT, but it didn’t. It came from scammers who were using that link (which they created) to collect personal information from NOVA employees. This example shows us how convincing a phishing scam can be. Along the same lines, scammers may send out emails telling you that your credit card account/PayPal/Amazon/bank account will be shut down if you don’t provide your password/credit card number/PIN number/social security number. Some emails provide links to websites that look like real businesses. These are fake. No legitimate businesses will ask you for personal information in an email. If you believe one has, call them to verify (using the phone number listed in the phone book, NOT one in the email).

I know this is a lot of information but it’s very important to be safe when you’re using your email. Here’s my quick advice for dealing with phishing attempts:

  • If someone asks for personal information via email, do not email it to them. If you think it might be a real request and it’s from a business, call. Even if it’s from your friend, call.
  • If there are typos or bad grammar in the email, that is a big red flag indicating it may be a scam email.
  • Just because there’s a company logo in the email, or you click on a link that takes you to a website, doesn’t mean it really comes from that company. Just because the email address looks like it comes from a legitimate business doesn’t mean it does. All of these things can be easily faked in an email.
  • Be suspicious of generic greetings like “Dear Customer”.
  • Most businesses will not threaten to close down an account if you don’t provide them with personal information. They WANT you to keep your account!
  • If it sounds too good to be true, it is.
  • If you feel weird about an email, even if you don’t know why, trust your instincts and don’t reply. Better safe than sorry!

For even more information about phishing scams, check out http://computer.howstuffworks.com/phishing.htm.