University of Colorado at Boulder  
Map A to Z Index Search CU Home
ITS logo
Information Technology Services News | Search
ITS Docs

IT Security Topic — Phishing

 


 

Phishing - In the News

PC World reports about an increase in "pharming" attacks, where surfers may be unknowingly redirected to malicious web pages controlled by unknown attackers. PC World goes on to report that statistics show that at least 1,300 Internet domains were redirected in such a manner in early March 2005. The story states, "Pharming attacks are similar to phishing identity theft attacks, but don't require a 'lure,' such as a web link that victims must click on to be taken to the attack web site."

The New York Times reported last year in a story titled "Users find too many phish in the Internet Sea" that "You can be whatever you want to be on the Internet - even if you want to be Citibank." This is a good bit of information to remember. It is important that you absolutely know who you are giving sensitive information to, and trust that organization to protect your information. Just because a message looks like something from that organization, doesn't mean it is.

PC World reported late last year that phishers are adopting scam tricks from virus writers. They write, "You know all about phishing scams, right? You know better than to click on a web link embedded in an e-mail that purports to be from your bank, or to reply to messages requesting your user name and password. But if you think that's enough to protect yourself, think again." The article goes on to highlight a growing trend of phishing spreading online without victims every having to click on a link, they only need to open an e-mail - a trend using an approach that virus writers use. While this scam is still limited in the U.S., experts expect that it will soon target U.S. bank customers.

PC World also listed its take on the top five online scams. According to this article, they are:

1. Auction Fraud, which accounts for three-quarters of all complaints registered with the FBI's Internet Crime Complaint Center. The primary result of this type of fraud is that you never get the product promised, or the promises don't measure up.

2. Phishing Scams, where you receive an e-mail that looks like it came from a legitimate business, warning you about identity theft, and asking that you log in and verify your account information. Even though the e-mail looks like the real deal, complete with authentic logos and working web links, it's a clever fake.

3. Nigerian 419 Letter, where you receive an e-mail, usually written in screaming capital letters, that starts out: "DEAR SIR/MADAM: I REPRESENT THE RECENTLY DEPOSED MINISTER OF AGRICULTURE FOR NODAMBIZIA, WHO HAS EMBEZZLED 30 MILLION DOLLARS FROM HIS STARVING COUNTRYMEN AND NOW NEEDS TO GET IT OUT OF THE COUNTRY..." The letter says the scammers are seeking an accomplice who will transfer the funds into their account for a cut of the total. You'll be asked to travel overseas to meet with the scammers and complete the necessary paperwork. Victims who travel overseas may find themselves physically threatened and not allowed to leave until they cough up the cash. (FYI, "419" is named for the section of Nigeria's penal code that the scam violates.) Victims of Nigerian letter fraud lose $3,000 on average, according to the FBI.

4. Postal Forwarding/Reshipping Scam: You answer an online ad looking for a "correspondence manager." An offshore corporation that lacks a U.S. address or bank account needs someone to take goods sent to their address and reship them overseas. You may also be asked to accept wire transfers into your bank account, then transfer the money to your new boss's account. In each case, you collect a percentage of the goods or amount transferred. And while you can make big bucks for a while, after a few months you're going to find your bank account cleaned out. And, when the feds come looking for the scammers, you're the one they're going to nail.

5. "Congratulations, You've Won an Xbox, iPod, plasma TV, etc." You get an e-mail telling you that you've won something cool, such as an Xbox or an iPod. All you need to do is visit a web site and provide your debit card number and PIN to cover "shipping and handling" costs.

Contact Information
Campus IT Security Office
(303) 735-HELP
security@colorado.edu

   Did You Know?
Phishing is a scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security Number, passwords, or other sensitive information. 

Quizzes

Is it Phishy?
Take these quizzes to see how well your phish detector works. Please note: these links will take you to a non-CU site.

Phishing IQ Test
Test Your Phishing Skills


Useful URLs
Check out these other web sites to learn more about phishing:

Anti-Phishing Working Group offers consumer information on how to avoid phishing scams, what to do if you think you're a victim of one of these scams, and examples of recent attacks (as well as more than 100 screenshots of specific phishing scams).
A Consumer's Guide to E-Payments
How Not to Get Hooked by a ‘Phishing’ Scam
Is Someone "Phishing" for Your Information?
Microsoft Security Solutions
PC World (search its news site for info on phishing, pharming, and other online dangers)
CERT
Gartner Security & Privacy

       
       Support | Training | Facilities | About ITS | ITS Home
 
IT Service Center, 303-735-4357 (5-HELP from an on-campus phone), help@colorado.edu
Send comments about the web site to itsfeedback@colorado.edu
ITS Policies & Guidelines

Last reviewed: August 29, 2006