Tuesday, November 18, 2014

Phishing Scams: Don't Be A Sucker

This is a sucker.  Don't be one.
P. T. Barnum may not have said "There's a sucker born every minute," but he made bank proving it was true.  'Phishing' scams try to fool you into revealing your passwords, granting access to your computer or giving away personal information such as your credit card number.  Such scams may look like legitimate email messages from your bank, from governmental agencies and even from ITS - but by the time you start to wonder, it's too late.  Here are some ways to spot phishing scams:

*Who sent it?  Look at the sender's address.  Banks don't send official correspondence from personal gmail accounts.  Governments don't send notices from K12 accounts.  If the name looks odd or generic ('System,' 'Web Team,' etc.), be suspicious.  Any message from within Macalester will be signed with a name you can find in the Directory (http://www.macalester.edu/directory). 

*Who was it sent to?  Sure, you got it in your Inbox, but what's in the To: field? Is it empty, or does it contain many addresses besides yours? Are you BCC:ed? Any message sent by a reputable source should have only your name, or go to a large official distribution list you recognize.

*What does the sender want?  No legitimate organization or firm will ask you to divulge personal information (birth dates, account numbers or passwords) in an email message.  This is a dead giveaway.  The same is true if you see links to follow to "verify your account" or "confirm your membership."  Never surrender such information, and don't click on such links!

*How was it written?  Extensive misspellings, incorrect punctuation, bad grammar and confusing technobabble are all hallmarks of scams.  So is the (empty) threat that you'll "lose privileges" or have your account closed if you don't comply.  Macalester ITS staff take pains to write clearly when we communicate with you.

*Other scam clues. Is the sender asking for payment in an odd form, such as bitcoin or Apple iTunes gift certificates? Don't pay! Has a complete stranger mailed you a check drawn on a bank you don't use? Don't deposit or cash it! Are you being offered a job for which you have not applied? Don't reply!

Don't be a sucker. If you ever get an email that looks suspicious, let ITS know about it and we'll help you determine whether it's legitimate.  For assistance, contact the ITS Help Desk at helpdesk@macalester.edu or 651-696-6525.  You can learn more about this kind of scam on our Web pages, starting at http://www.macalester.edu/its/safecomputing/email-safety/

No comments:

Post a Comment