|
From December issue of UWM Report
Cyberscammers are phishing in UWM waters
Phishing is an Internet scam involving a message sent out via email
instructing recipients to immediately provide their financial institution with
personal financial information.
Typically these are urgent requests designed
to look like they came from a bank or other service provider demanding that you
"confirm" or "update" account information or passwords or risk having an account
closed down. These emails are designed to look like an official communication
from a bank or credit card company. They generally instruct you to click on a
link in the email leading you to a website where you are asked for information
like account numbers, contact information, social security numbers or
back/credit card "pin" numbers. This link doesn't go to your bank. It actually
goes to a computer controlled by crooks. Once armed with your data, thieves take
out cash advances from your accounts or may attempt to steal your identity and
set up fraudulent bank or credit card accounts in your name. Even with
widespread publicity about “phishing,” people are still getting
caught up in the phish nets. There have been some reports of UWM staff/faculty
members being victims of identity theft after being scammed through phishing
emails. “I can’t believe I actually started to respond to one of
these,” says a UWM staff member, who almost got caught by a
“phishing” email sent to her UWM email account. The email allegedly
came from EBay, asking her to update personal information. “I clicked on
the link and was filling out the requested information when they started asking
for my security password, bank account information and other confidential
information. Suddenly a big light bulb went on, and I remembered I’d never
used my UWM address in my infrequent EBay transactions or for other personal
business. It was a ‘duh’ moment. After all I’d read about such
scams, I almost fell for it.” UW system security recently picked up a
phishing email that allegedly came from the UW Credit Union and was directed to
UW System users, many of whom have credit union accounts. In a newsletter
directed to its customers, the real UW Credit Union discussed the extent of the
problem. In June, 2005 alone 15,050 phishing reports were reported nationally, a
41 percent increase over the previous six months, according to a reputable
consumer site, antiphishing.org. The Credit Union article noted that
“phishers” are fast workers – the spoofed site is active for
an average of only six days. Here are some tips from UWM’s
Cybersecurity Department and the UW Credit Union for avoiding phishing scams.
- Don’t respond to unsolicited emails asking you to divulge
confidential personal information. Legitimate financial institutions don’t
send emails asking for this information.
- If you have doubts about a
message, call the financial institution using the contact information on your
billing statement. Don’t use a number listed in the email.
- Don’t email personal or confidential information.
- If you think you may be a victim of phishing, contact your financial
institution or the online service immediately. You may also file a police report
with UWM Campus Police or your local police department if you have suffered any
actual financial loss.
The website
http://antiphishing.org/consumer_recs2.htm has a list of recommendations for
consumers who think they may be phishing victims. If the fraudulent email came
through the UWM mail system, report the incident to the UWM Information Security
team at http://www.3.uwm.edu/IMT/security/policies/incident_report/online_form/.
- Here are some additional websites with information on phishing:
UWM
Information Security page on Phishing awareness and
preventionhttps://www3.uwm.edu/imt/security/resources/features/phishing.cfm
|
