J&W University Help Desk : Frequent Questions : Phishing

What is "phishing"? "Phishing" occurs when an attacker sends an email which looks to be from a genuine institution and directs the victim to visit a fake website. An attacker can make their website look so legitimate that people do not question the validity of it. The attacker can then capture username, password, credit card and/or account information from the user when he/she attempts to login. Using vulnerabilities in Internet Explorer, an attacker can make the browser URL look real (e.g., www.citizensbank.com), but the user may actually be viewing a phony website. People are readily accepting these email messages as truth, and supplying confidential information.

In a similar fashion, attackers can create malicious websites which offer dangerous file downloads. A victim visiting the site might click to download a PDF file that has the name "something.pdf" in the URL, but is actually executable content that can be used to compromise the victim's workstation.

How do I avoid being caught in a "phishing" scam? To avoid getting caught by one of these scams, the FTC offers this advice:

If you get an email that warns you of your account being shut down unless you reconfirm private information, do not reply or click on the link in the email. Instead, contact the company cited in the email directly through a phone number you know to be correct.
Avoid emailing personal and financial information. Before submitting financial information through a website, look for the "lock" icon on the browser's status bar to ensure your information is secure.
Never "open"a file from a website directly. Always choose to "save" the file first. Downloading the file in this way will expose the true nature of the file.

How can I learn more about "phishing" activity? To obtain more information on phishing activity, visit: