Security Awareness - Phishing

Last Updated: 10/19/2012

Overview

It can be dangerous navigating the Internet waters. There are plenty of predators who are trying to steal your money, identity, or computer's operability. But, if you know what steps to take and what things to avoid, you can swim these waters safely and successfully.

Phishing:

Snopes.com defines phishing as "a term which refers to the online imitation of a company's branding in spoofed email messages and web sites, created with the intent of fooling unsuspecting users into divulging personal information such as passwords, credit card numbers, PINs, etc. A typical 'phish' email will appear to come from a financial institution (such as a bank or credit card company), informing the recipient that some type of problem has affected his account and directing him to follow a provided hyperlink to clear up the problem. The hyperlink leads not to a legitimate site, however, but to a server (usually in another country) on which an imitation web site has been set up. The fooled customer is then prompted to enter confidential personal information (collected by the scammers for perpetrating identity theft) and (usually) redirected to a legitimate web site to obscure the fact that he just gave away data to crooks."

Phishing sites can also include malicious elements that are intended to take advantage of web browser vulnerabilities. Even if you don't enter personal information on the spoofed web site, you could be putting your computer's security in danger simply by clicking on the link in the spoofed message. The best way to protect yourself from phishing scams is to never click on the link in an unexpected or suspicious message you receive.

It's a scary world out there! But, with a little know-how, you can minimize the risks...

The Internet has made the world a much smaller place. While its benefits are tremendous, connecting us to others and to volumes of instant information on any subject anywhere in the world, its downside includes dark alleys frequented by criminals intent on harming you, your computer, and/or your information.

In the physical world, it used to be that you knew which dark alleys or bad neighborhoods to avoid. Today the Internet, with all its benefits, has also brought the dark alleyways to your computer. As such, it takes much more vigilance to protect yourself and your computer from would-be criminals.

Some of the risks you encounter simply by surfing the Internet include, but are not limited to: identity theft, viruses and worms that infect your computer, spamming, and spyware infections.

So how do you stay safe? Here are some quick tips:

  • Be suspicious of attachments and unexpected email messages.
    • Use antivirus software to scan anything that you receive in your email.
    • Genuine company emails never include attachments.
    • Make sure a link actually goes to the company's site and not a spoofed one!
  • Be careful about clicking on embedded web links in email.
  • Be cautious about web sites you visit.
  • Don't enter sensitive information on a site you don't trust.
  • Make sure online transactions are actually secure (look for the lock on the bottom right of your browser window).
  • Don't just click on a link; copy it into your web browser and open it that way. That even includes OIT links in the emails we send! Online criminals can hijack your web session and take you somewhere else that may only look like the site you intend to visit.
  • Don't click on pop-ups or ads.
  • Be wary of emails asking for personal or financial information.
  • Use a VPN (Virtual Private Network). CU-Boulder faculty, staff, and students have access at no cost.
  • Keep your operating system and antivirus software up to date so that your computer can help you in the fight.
  • Don't let your browser be "helpful" by allowing auto fill-out of forms.
  • Use common sense. If it sounds weird or too good to be true, it probably is!
  • Be wary of unsolicited technical advice.
  • Remember, email messages shouldn't be considered secure. Because email can be forwarded to anyone, consider the messages you send public information.
  • Always remember to log off when you are finished with a secure web site. If you do not, the next user of the computer may have access to your data.
  • Public computers may not always be securely configured and can pose a threat to your privacy by storing your password or web cookies. Think twice about going to a secure site if you cannot verify the security of the computer.