
Tips & Tricks: Phishing Awareness

Main Entry: phishing
Part of Speech: noun
Definition: the practice of luring unsuspecting Internet users to a fake Web site by using authentic-looking email with the real organization's logo, in an attempt to steal passwords, financial or personal information, or introduce a virus attack; the creation of a Web site replica for fooling unsuspecting Internet users into submitting personal or financial information or passwords
Etymology: 1996; as in 'fish' for users
Usage: phish, v; phisher, n
Webster's New Millennium™ Dictionary of English, Preview Edition (v 0.9.6)
Copyright © 2003-2005 Lexico Publishing Group, LLC

In the sinister world of "phishing", there is rarely any good news. When the objective is identity theft using seemingly legitimate email messages authored by scam artists, it is easy to fall prey. Nevertheless, the silver lining to this dark cloud is that fraudulent emails and spoofed websites have characteristic features, and smart users can educate themselves to recognize them and foil phishing attempts.

The responsible approach

Phishing emails usually get your attention by offering you a chance to win a new car, or by informing you of account violations that require immediate action on your part. Companies do send their customers email with special offers, and such messages sometimes look legitimate because they cite a privacy policy; even so, err on the side of caution. Ask yourself:

Can I risk it? Do legitimate companies communicate with customers in this manner? Should a matter of this gravity be handled by email? Why is there no alternative mode of communication (such as a phone number) provided?

Step 1: Identify a hoax email: Flag the warning signs

•  Even though it appears to be from a genuine sender, the text of the email will ask you to enter information (userid, password, credit/debit card/bank account details, SSN, etc.) there and then.

•  The email directs you to another site, which appears genuine, to enter information. This is referred to as a cloaked link: the destination may be a forged site designed to con you into divulging sensitive personal data.

•  Few organizations, if any, use raw numeric network addresses in emails. If you see bare numbers (an IP address) in place of a domain name in the sender address or in links, consider it a warning flag.

•  Most online banking organizations use site security, indicated by web links starting with "https" rather than "http". Secure connections are also indicated by a locked gold padlock symbol in the browser's status bar. If you are being asked to redirect your browser to an unsecured site, you should question why.

•  Reputable companies host their web pages on their own domain. If the email contains web links, look carefully at everything to the right of the @ sign: the browser treats whatever comes before the @ as a user name and actually connects to the host after it. If there is another domain after the @ sign (as shown in the image below), suspect a phish. This is the most common trick in "phishing for dummies".

[ Note: For cloaked links, position your mouse over the link. Look for the text in the bottom of your browser frame for the true link hidden beneath. ]

•  Last but not least, most phishing gangs (a good majority operating from overseas) make their own emails and web pages, which are often full of spelling and grammatical errors.
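The warning signs in the list above can be checked mechanically. The following is an added example (not part of the Bauer College page, and not a tool the page describes): a small defender-side link checker that applies the page's rules (plain "http", a raw IP address as the host, another host hidden after an @ sign, and a cloaked link whose visible text does not match its real destination) to the links inside an email body. The email body, the domain bank.example and the address 203.0.113.5 are constructed test data using reserved example values, and the expected company domain is an assumed input.

```python
# Added example: apply the page's phishing warning signs to links in an email.
# All domains, addresses and the email body below are constructed test data.
import ipaddress
import re
from urllib.parse import urlsplit


def host_of(url):
    """Return the host a browser would connect to for this URL, or None if unparseable."""
    try:
        return urlsplit(url).hostname
    except ValueError:
        return None


def is_raw_ip(host):
    """True when the host is a bare IP address rather than a domain name."""
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registrable_domain(host):
    """Crude 'company domain' extraction: the last two labels (bank.example from
    www.bank.example). Assumption: two-label domains; a production check would
    consult the Public Suffix List instead."""
    if not host or is_raw_ip(host):
        return host
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def looks_like_url(text):
    """Heuristic: visible link text that is itself a URL or host name."""
    text = text.strip()
    return " " not in text and "." in text


def check_link(display_text, href, expected_domain=None):
    """Return the warning signs a single link trips (empty list = nothing suspicious)."""
    flags = []
    try:
        parts = urlsplit(href)
    except ValueError:
        return ["unparseable-url"]
    host = parts.hostname
    if parts.scheme != "https":
        flags.append("not-https")
    if "@" in parts.netloc:
        # Everything left of '@' is user info the browser ignores; the real host is to the right.
        flags.append("at-sign-hides-real-host")
    if is_raw_ip(host):
        flags.append("raw-ip-address")
    # Cloaked link: the visible text looks like a URL but the href points somewhere else.
    if looks_like_url(display_text):
        shown = display_text.strip()
        shown_host = host_of(shown if "://" in shown else "https://" + shown)
        if shown_host and registrable_domain(shown_host) != registrable_domain(host):
            flags.append("cloaked-link")
    if expected_domain and registrable_domain(host) != expected_domain.lower():
        flags.append("off-domain")
    return flags


# Constructed sample email body (not a real message).
EMAIL_BODY = """
<p>Dear customer, your account has been suspended. Log in within 24 hours:</p>
<a href="http://www.bank.example@203.0.113.5/login">https://www.bank.example/login</a>
<p>Questions? Visit <a href="https://www.bank.example/help">our help page</a>.</p>
"""

ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def scan_email(html, expected_domain):
    """Map each href in the email body to the list of warning signs it trips."""
    results = {}
    for match in ANCHOR_RE.finditer(html):
        href, text = match.group(1), match.group(2)
        results[href] = check_link(text, href, expected_domain)
    return results


if __name__ == "__main__":
    for href, flags in scan_email(EMAIL_BODY, "bank.example").items():
        print(href, "->", ", ".join(flags) if flags else "no warning signs")
```

The first link in the sample trips every rule at once: it is plain http, it hides the real host behind an @ sign, that host is a bare IP address, and the visible text advertises a different site than the one the browser would open. The second link, which stays on the expected domain over https, trips none.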

Step 2: Practice safe browsing: Outsmart the crooks

Safe browsing is the best defense against phishing. And yes, it is that simple! Retype web links rather than clicking on them. Alternatively, log directly onto the company's homepage and look for information there to direct you to the right page. Keep the email only as a source of information, not as a way in.


For more on phishing, visit http://www.antiphishing.org/
