Phishing - Avoid the pitfall
What is phishing?
Phishing is an attempt to get personal and sensitive information from you via email. These attempts may originate anywhere in the world (for example, Russia, China, or Nigeria). These emails often appear legitimate at first glance, so NEVER give out any sensitive information, such as passwords or bank account information, via any email you receive. Please see the examples below to help you recognize these kinds of bogus emails.
Do NOT open any link to a banking institution, IRS, etc. from within an email. Never enter credit card information, passwords, or other personal information via an email link from within a message. The IRS does NOT contact you via email concerning refunds and they already HAVE your social security number, so any requests for that are bogus.
When you click on a link or open an attachment in a phishing email, malicious software (malware) may be installed, which can send your information out and/or use your computer to launch attacks without your knowledge. This may cause other providers (such as Yahoo) to block @tntech.edu emails from everyone.
Although Information Technology Services uses software to filter out over 90% of the email that is sent to campus as spam, phishing, or virus-infected, some still gets through the filters every day. It is up to you to be continuously aware of this threat.
View the following video by Common Craft about Phishing Scams to learn more.
How common is it and what are the effects?
"During each month in 2007, anywhere from 92 to 178 different company brands were “phished”—meaning their names or logos were used to fool victims into thinking they were dealing with a trusted institution. According to research and consulting firm Gartner, an estimated 3.6 million Americans fell victim to phishing last year, leading to losses of more than $3.2 billion." (How to Foil "Phishing" Scams, Lorrie Faith Cranor, Scientific American, Dec. 2008)
What can I do if I am not sure?
If you think a message may be valid, type the address of the company's genuine website into the address bar of your browser rather than trusting any hyperlinks in the message. You can also use Google to search for the institution's name and then use that link to visit the real site.
Here is an example of a phishing email that looks real:
If you get a bogus email claiming to be from the IRS (Internal Revenue Service), you can contact The Identity Protection Specialized Unit of the IRS at 800-908-4490 Monday through Friday from 8:00 am to 8:00 pm.
What are some examples?