Avoid Being a Victim of Phishing!

in Information Security, Tips
September 2nd, 2012

Avoid being a victim of phishing! If you are ever unsure whether an e-mail you receive is legitimate or if you receive an e-mail messages that is abusive or harassing in nature, you can forward it to abuse@bu.edu for verification. Read the following tips to protect yourself from phishing…

How Can I Protect Myself from Phishing?

1. If an e-mail asks for your password, it is a scam. Delete it! A popular phishing technique asks you to reply to a message and send your password. As an example, you could receive a message claiming to be from some seemingly official (but non-existent) entity, e.g., “The BU.EDU Upgrade Team,” saying that the mail system is being upgraded and your account will be deleted unless you respond immediately and provide your password. Please keep in mind that Boston University will never ask for your login and password information.
2. Don’t follow links, and never provide personal information. You should never follow links offered to you in unsolicited mail or provide any personal or financial information, just as you wouldn’t when you receive an unsolicited phone call. This should be your guideline no matter how tempting, frightening, or persuasive the mail seems. Remember that, given an awareness of the problem of phishing, legitimate companies won’t use this method of approaching you. If you do feel compelled to respond or that you must check out something sent to you in an e-mail, don’t use a link in the e-mail message to do that. Use your browser to go to the known and trusted website (PayPal, for example) by typing in the URL/web address yourself and log in there.You can tell where a link is going by hovering over it with your mouse. Don’t click. Hover. As a general rule, if the e-mail message is lying to you about where the link wants to send you, it is a scam.
3. Don’t open attachments that you weren’t expecting. Many viruses are designed to send out spoofed e-mail messages. This message could be originating from any infected PC in the world which happens to have your address in a file (e.g., the address book) or which happens to have auto-generated your address in some fashion. Some, although not all, of these messages will come with an attachment designed to spread the virus to you. Viewing such an attachment puts your computer at risk.
4. Filter out spam. Spam is always annoying, and it can be dangerous too: spam e-mail often contains virus, spyware, or phishing exploits. You can protect yourself from many of these hazards by filtering spam*.
5. When in doubt… If you are unsure whether an e-mail is real or if you receive an e-mail messages that is abusive or harassing in nature, report it to abuse@bu.edu. If possible, it is helpful to include full headers (http://www.bumc.bu.edu/it/comm-collab/e-mail/unwanted-email/report-abuse/)  when forwarding a message. If you have questions, contact the Service Desk at (617) 638-5914.

If it’s too late…

If you responded to a suspicious e-mail message and provided your password, you should immediately change your password and scan your computer for spyware and viruses. Depending on what information you provided, you may also need to take steps to protect your credit card and bank information.

Contact the BUMC IT Service Desk if you believe you have been a victim of phishing at (617) 638-5914 or bumchelp@bu.edu.

LEARN MORE ABOUT PHISHING:

• http://www.bumc.bu.edu/it/comm-collab/e-mail/unwanted-email/phishing/
• Phishing IQ Test: http://www.sonicwall.com/furl/phishing/index.php
• Phishing Awareness: http://www.youtube.com/watch?v=H0yWWqX0L4g
• “Phishing” Internet Security PSA: http://www.youtube.com/watch?v=pPCPU5UpPG4&NR=1

Remember, Boston University will never ask for your login and password information via e-mail.