IMT Takes Action Against Phishing Scams
August 19, 2008
|
|
|
|
by Jeff Birch, Chief Technology Officer
In recent weeks, many individuals in our community have received multiple “phishing” emails attempting to request personal information. Phishing is the practice of sending fraudulent emails that try to trick you into giving away your personal information by mimicking official communication from the organization.
Phishing emails may come addressed specifically to you and may have all the characteristics of a legitimate message, including familiar corporate logos and well-written text, so it can be difficult to tell that the message is fraudulent.
Due to individuals corresponding with these attempts, several APU accounts have be accessed and used to spam thousands of Internet users. IMT has identified multiple accounts which were compromised and has taken corrective action to ensure that these accounts are no longer sending out unsolicited emails (i.e., Lottery Scams, Personal Information Request, etc.). Our engineers are also working diligently to contact all online domains that these messages originate from to inform them of illegal activity regarding their systems.
If you should receive any suspicious emails or an external inquiry about our APU accounts sending unsolicited emails, please report these immediately to the Support Desk at Ext. 5050 or support@apu.edu.
Tips for Detecting Fraudulent Email:
Here are a few phrases to look for if you think an email message is a phishing scam:
"Verify your account."
APU will never ask you to send passwords, login names, Social Security numbers, or other personal information through email.
APU will never ask you to send passwords, login names, Social Security numbers, or other personal information through email.
"If you don't respond within 48 hours, your account will be closed."
These messages convey a sense of urgency so that you will respond immediately without thinking. A phishing email message might even claim that your response is required because your account might have been compromised or closed.
These messages convey a sense of urgency so that you will respond immediately without thinking. A phishing email message might even claim that your response is required because your account might have been compromised or closed.
"Dear apu.edu Webmail Subscriber. ”
Phishing email messages are usually sent out in bulk and often do not contain your first or last name.
Phishing email messages are usually sent out in bulk and often do not contain your first or last name.
"Click the link below to gain access to your account."
HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a website.
HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a website.
The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony website.
Notice in the following example that resting (but not clicking) the mouse pointer on the link reveals the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company’s Web address, which is a suspicious sign. Please see above for an example of a masked URL address.
By carefully following these tips, we can all help prevent phishing scams from further compromising our email.
