Phishing scams most often take the form of fraudulent emails. Typically, these messages are designed to trick users into revealing sensitive or protected information (e.g., usernames, passwords, bank account information) by pretending to be a legitimate entity like your bank, a social media site, or your university. For example, a phish posing as your bank might warn you of fraudulent activity on your account and ask you to “click here” to verify your information, which often includes providing your account username, password, and sometimes more.
We want to emphasize these security best practices on emails from unknown users:
- Do not open emails that look suspicious or are from unknown users.
- Check the sender’s email address to see if the listed domain (what comes after the “@” sign) matches where the sender claims to be from. If the email message claims to be from UAB, does the sender domain match?
- Try not to click on links in an email, but if you must, first check the true destination of any link or listed email address by hovering your mouse over it (don’t click). The true email address or URL will be displayed next to your mouse pointer or in the bottom left of your window.
- Do not open attachments.
- Never send private and sensitive information (credit card information, password, PIN, etc.) by email. On websites, verify the legitimacy of the website before supplying this information.
- Be skeptical of unsolicited messages offering you money or other items for little to no work. If it sounds “too good to be true”, it probably is.
On your home computers, please also make sure that your computer is protected with antivirus software and is up to date.
Refer to these sites for more information:
- UAB IT: http://www.uab.edu/it/home/phishing
- Wikipedia: http://en.wikipedia.org/wiki/Phishing
- Apple: http://support.apple.com/kb/ht4933
- Microsoft: http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx
Contact DOM IT if you have any questions!