Phishing at UH
What is phishing (pronounced "fishing")?
From Wikipedia: phishing is "the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication."
http://en.wikipedia.org/wiki/Phishing
Phishing is usually carried out via email or instant messaging, but any electronic messaging system may be used, e.g. Twitter. Phishing emails are usually spammed (sent as bulk, unsolicited email) or may be targeted at a specific organization or group. After obtaining usernames and passwords, cyber criminals could impersonate the owner of the compromised account, steal confidential information, commit identity theft, send more spam, and commit other criminal activities.
If you receive a phishing email (which may look authentic and legitimate) requesting sensitive information (e.g. usernames, passwords, email addresses, bank account numbers, credit card numbers, Social Security numbers, date of birth, etc.):
- DO NOT REPLY to the email. Replying (even to tell the spammer to stop) tells the spammer that your email address is valid.
- DO NOT PROVIDE any sensitive information, especially if the email is unsolicited or from an unknown user.
- DO NOT CLICK on any links/images/attachments contained in the phishing email. Do NOT enter sensitive personal information into online forms. Clicking links or opening attachments may also cause malware to be downloaded and installed on your computer.
- IF IN DOUBT, CHECK IT OUT!
- CALL the sender/agency/organization to verify that the email is legitimate.
- Contact the ITS Help Desk if you have questions about the validity of an official-looking communication.
After a targeted phishing email is reported, Information Technology Services (ITS) may choose to implement protective measures such as:
- investigating new phishing attempts
- blocking the email address from sending to UH
- blocking the reply email address from receiving from UH
- contacting users who replied to the phishing email before it was reported and blocked
- blocking access to suspicious websites that are linked within the phishing email
- posting new phishing emails on the Security Alerts website at http://www.hawaii.edu/its
Phishing notification
Please go to http://www.hawaii.edu/its under the Security Alerts section to check for the latest phishing attacks targeting UH usernames.
If you would like to receive phishing notices by email, go to http://www.hawaii.edu/its/notices/index.php and subscribe to our phishing-alert email list.
General guidelines for reporting spam/phishing
- Google@UH users --> you can report spam or phishing emails directly to Google
- To report phishing attempts to Google, follow the instructions at:
http://mail.google.com/support/bin/answer.py?answer=184963
- To report spam to Google, follow the instructions at:
http://support.google.com/mail/bin/answer.py?hl=en&answer=190737
- Targeting UH usernames --> send to phishing@hawaii.edu with full mail headers
- See http://www.hawaii.edu/askus/895 for displaying full mail headers.
- See http://www.hawaii.edu/askus/898 for reporting a new/suspicious email targeting UH usernames.
- Spam sent from a hawaii.edu address --> send to uhabuse@hawaii.edu with full mail headers
- General spam --> delete it; you do not need to report it. You can block the sender's email address or entire domain from your account using filters: http://support.google.com/mail/bin/answer.py?hl=en&answer=8151
More information
Protect Yourself Against Phishing
http://www.hawaii.edu/infosec/phishing/
Spam and Phishing
https://staysafeonline.org/stay-safe-online/online-safety-basics/spam-and-phishing/
Spam at the University of Hawaii
http://www.hawaii.edu/askus/571
Security (or lack of it) on the Internet (Spam and Phishing)
http://www.hawaii.edu/askus/687