Some UNMC e-mail users have reported authentic-looking messages that instruct them to provide sensitive personal information. It’s a technique used by spammers and scammers that is called “phishing.” Individuals who “bite” are exposed to identity theft.
Phishing occurs when a consumer receives a deceptively-legitimate looking e-mail from what appears to be a reputable company. As an example, the e-mail might ask recipients to update their credit card information or their account will be promptly terminated.
Often “phishing” spam messages will use legitimate ‘From:’ e-mail addresses or headers, logos, and links to reputable businesses such as AOL, PayPal, Best Buy, Earthlink and eBay in the message. But the message instructs you to click on a Web link that sends you to a fake Web site where you are asked to provide personal information to the scam artists. Such sites will ask for information such as your name, address, phone number, date of birth, Social Security number (SSN), and bank or credit card account number. Providing this kind of information can leave users at risk for identity theft.
Ironically, many such bogus e-mails prey upon consumers’ fears of being exposed to fraud. They ask for updated credit card account information or other pieces of personal financial information and state that the consumer’s account will be terminated in the near future if the information requested is not provided. The following includes some tips to avoid e-mail identity theft:
- Don’t trust e-mail addresses or headers, which can be forged easily.
- Avoid filling out forms in e-mail messages. You can’t know with certainty where the data will be sent and the information can make several stops on the way to the recipient.
- If you click on a link in an e-mail message from a company be aware that many scam artists are making forgeries of company’s sites that look like the real thing. Verify the legitimacy of a Web address with the company directly before submitting your personal information.
- If you go to a link offered in an unsolicited e-mail, check to see if there is an ‘s’ after the http in the address and a lock at the bottom of the screen that indicates the link is secure and encrypts data. Though this is not an indication that the site is legitimate, an online form that asks a consumer to submit sensitive personal information should always be encrypted. Scam artists are less likely to have encrypted forms, but if they are trying to elicit personal information, they may take every precaution to make consumers believe their site is secure and therefore, legitimate.
Consumers who receive an e-mail that fits this description should:
- Delete the message. Do not reply to the message, doing so will only show the spammer that your e-mail address is legitimate and makes your e-mail address more valuable to spammers.
- Read the information and tips put out by the Federal Trade Commission about this scam at www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm.
- Forward the suspicious e-mail to the Federal Trade Commission’s address for unsolicited commercial e-mail, uce@ftc.gov.
- You may also notify ITS of these types of scams by forwarding the message onto: itssecurity@unmc.edu.
Always be alert to phishing messages. Reputable companies DO NOT contact their customers and request that they update their files or verify their account or security settings.