Information Technology News

The latest news from the Office of Information Technology

You are here: Home / Archives for Phishing

Phishing

Phishing Attempts Continue

by

Phishing

On October 9, 2009, more than 6000 UCI affiliates received an email message claiming that they were required to click on a link which would take them to a web site to update their email accounts. This message has been confirmed to be an example of “phishing,” a malicious attempt to have you divulge personal information in order to allow someone to gain access to your information or services.

The Office of Information Technology (OIT) would like to remind you that you will never be asked for, and you should never provide, your password or other personal information by email. If you ever question a request for information, please contact the OIT Help Desk at (949) 824-2222 or oit@uci.edu so we can help you check its validity.  If you suspect that you have received a phishing email, do not respond to it or click on the links. You may optionally report it to the Anti-Phishing Workgroup, but in any case delete it.

Spear phishing emails are a special type of phishing email targeted to a select group of users. These emails tend to be more specific than a regular phishing email, including information more detailed and familiar to the recipient. As with standard phishing emails, these messages often include a request for personal information and a notification of account suspension or closure for failing to reply.  At UCI, such a message will often simulate official notification from a real campus department such as OIT, and may make reference to your actual account or email address.

More information on phishing and how to protect yourself can be found online.  If you have not already done so, OIT strongly recommends you take the online “Information Security” tutorial available on TED.

Phishing on the Rise

by


Phishing

Phishing is a name for fraudulent email messages sent by thieves to lure the recipient into divulging personal or financial information. Thieves can then use this information for mischief or profit.

These email messages pretend to be from well-known, legitimate businesses or organizations, and increasingly look as if they actually are.  We’ve seen phishing messages sent to UCI email accounts that have used the NACS name and logo in an attempt to look as genuine as possible.

These messages will often try to create a sense of urgency so the recipient won’t stop to think about the legitimacy of the message.

If you suspect that you have received a phishing email, do not respond to it or click on the links. Reputable organizations, including NACS, will never send an email message requesting personal information such as passwords or financial information. Always be wary of messages requesting such personal information.

For ways to recognize phishing email messages, and for additional information about phishing, see http://security.uci.edu/email/phishing.php

If you are unsure whether an email message about your account is a phishing email or not, call the organization directly to determine the status of your account. The NACS Response Center may be contacted at 949-824-2222 for questions about UCI accounts.

Beware E-mail Fraud

by

NACS continues to work hard to identify unwelcome, unsolicited commercial e-mail. No filtering technique is 100% effective, however, and it is therefore worthwhile to highlight a common threat that a seemingly legitimate message may pose.

One of the most disturbing trends in online crime today is known as “phishing” — fraudulent messages that appear to be from legitimate vendors but are actually well-disguised attempts to steal your passwords, account numbers, social security numbers, and other private information. Frequently, such messages appear to be from well-known companies such as eBay, Citibank, Amazon, and the like.

Often the sender will ask you to log into the company’s web site via a link provided in the body of the message to “confirm” your password or credit card information. These links actually direct your browser to the sender’s web site — well disguised as that of the legitimate vendor — which captures your private information as you type it.

If you are uncertain about a particular message, you may wish to contact the vendor in question by calling them, or going directly to their web site without using any links provided in the body of the message in question. Of course, you can also always contact NACS at nacs@uci.edu or (949) 824-2222 and we’ll help you figure it out.