‘Get Smart’ about Spam, Phishing and Other Cyber Attempts at Identity Theft - 10/27/11

Unsolicited emails asking for personal information often are an attempt at identity theft to commit credit card fraud. They also could infect the recipient’s computer with a dangerous virus.

In conjunction with National Cybersecurity Awareness Month, ITaP reminds computer users to “Get Smart” and never provide personal information to requests contained in unsolicited email.

Mass email from a sender unknown to the recipient is commonly known as “spam.” It causes many problems as it can infect an individual computer and, in turn, an entire network. Though spam may appear official, many unsolicited emails and instant messages containing URLs are actually intended to trick recipients into divulging personal information.
ITaP reminds users to NEVER provide personal information to requests contained in unsolicited email.

Always remember, the University DOES NOT ask for passwords or other personal information via email.

“Phishing” is the act of sending fraudulent email that claims to be from an established, legitimate enterprise. In reality, the email is a scam, designed to persuade the user to surrender private information that will be captured and utilized for identity theft.

“The email directs users to a website, where they are asked to update personal information — such as passwords and credit card, Social Security and bank account numbers — that the legitimate organization already has,” says Scott Ksander, Purdue’s chief information security officer. The website, however, is bogus and set up only to steal users’ information.”

The Federal Trade Commission provides a website with helpful information on a variety of technology security issues, including phishing. According to the site, users can help deter scammers by following these rules of thumb:

• Don’t reply to email or pop-up messages that request personal or financial information, and never click on links in the message. Don’t cut-and-paste a link from the message into your Web browser, as scammers can make links look like they go one place but actually send users to a different site.

• Scammers can send email that appears to be from a legitimate business asking recipients to call a phone number to update their account or access a “refund.” Because scammers use voice-over-Internet-protocol technology, the area code listed does not reflect the scammers’ actual location. When users need to reach an organization they do business with, they should call the number on their financial statements or on the back of their credit card.

• Never send personal or financial information by email or instant message.

• Review credit card and bank account statements as soon as they are received to check for unauthorized charges.

• Be cautious about opening attachments or downloading files from emails, regardless of who sent them. Files can contain viruses or other software that can weaken a computer’s security.

• If there’s any doubt about the sender of an email or the destination of a contained URL, delete the message immediately.

University support computers should be updated regularly with anti-virus and anti-spyware software, as well as a firewall, ITaP says. Staff or faculty members who are unsure whether their work computer is protected may contact their technical support.

The University never asks for passwords or any form of personal information through an email. To report such a request and any other sort of suspicious email, please contact

ITaP hosted a  program Oct. 20 in conjunction with National Cybersecurity Awareness Month. The archived stream of this event
is available online at mms://video1.itap.

For more information about computer security, please visit the SecurePurdue and Business Services Security websites.

“Get Smart” is this year’s theme for the National Cybersecurity Awareness Month campaign, which has occurred every October since 2001. Its purpose is to educate computer users about safe behavior online, the nation’s critical cyber infrastructure, and the dangers on the Internet. This is the sixth year Purdue University has observed the campaign.


Editor’s note: This article was written by Andrea Thomas, technology writer for ITaP. Business @ Purdue News thanks Andrea for allowing us to share it with our readers.