Avoid Getting ‘Hooked’ by Phishing Scams - 06/30/09

In light of a bank phishing scam that has been plaguing University email inboxes, this review of “phishing” is intended to remind staff what phishing is and how to avoid it.

“Phishing (fish’-ing) is the act of sending email falsely claiming to be from an established, legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft,” said Scott Ksander, chief information security officer and executive director of Networks and Security.

“The email directs users to a Web site, where they are asked to update personal information – such as passwords and credit card, Social Security and bank account numbers – that the legitimate organization already has. The Web site, however, is bogus and set up only to steal users’ information.”

The Federal Trade Commission Web site provides helpful information on a variety of technology security issues. According to the site, users can help deter scammers by following these rules of thumb:

     -- Don’t reply to email or pop-up messages that request personal or financial information, and don’t click on links in the message. Don’t cut-and-paste a link from the message into your Web browser. Phishers can make links look like they go to one place but actually send users to a different site.
     -- Scammers can send email that appears to be from a legitimate business asking recipients to call a phone number to update their account or access a “refund.” Because scammers use voice-over-Internet-protocol technology, the area code listed does not reflect the scammers’ actual location. When users need to reach an organization they do business with, they should call the number on their financial statements or on the back of their credit card.
     -- Don’t email personal or financial information.
     -- Review credit card and bank account statements as soon as they are received to check for unauthorized charges.
     -- Be cautious about opening attachments or downloading files from emails, regardless of who sent them. Files can contain viruses or other software that can weaken a computer’s security.

University support computers should be updated regularly with anti-virus and anti-spyware software, as well as a firewall. Staff who are unsure whether their work computer is protected may contact their technical support. To report a suspicious email, contact

For more information about computer security, please visit the SecurePurdue and Business Services Security Web sites.