Have you ever opened your inbox to find an e-mail encouraging you to take advantage of a work-from-home opportunity that pays incredibly well? Or perhaps a message from a poor soul claiming to be stranded far from home and pleading for your financial support to help him get home?
These are just a couple examples of “phishing” scams, which use e-mails (or in some cases phone calls) to try to lure you into providing personal or confidential information that the scammer uses illicitly.
In the example of the work-from-home con, a trickster might lure people in with a short e-mail teaser, promising upwards of $300 for only an hour’s worth of work per day. If a user is duped and responds to this offer, the would-be trickster follows up requesting additional personal information such as birth date, a Social Security number, a bank account number and a home address to finalize the offer to work. The criminal may then sell the personal data to other criminals or open credit cards in the victim’s name.
The Information Security and Policy Office at the University of Iowa has seen a number of people on campus fall victim to phishing scams like these and is encouraging all individuals to take precautions to protect themselves. Here are some clues to spot scams and tips for what to if you are suspicious of one.
· Do not respond or reply to the initial contact – especially if you are not expecting the e-mail and do not know the sender.
· Do not engage the criminals in further communication. They can use your e-mail address to target you with more elaborate phishing schemes in the future.
· Don’t second-guess your instinct. If an offer sounds too good to be true, it’s probably a con.
· NEVER provide your personal or financial data, especially when it is randomly requested by a stranger.
· Watch out for messages with an urgent tone – like a promise of big money if you act NOW.
· Beware of messages riddled with misspelled words and poor grammar.
· Do a Google/Bing search on the name of the organization the e-mail purports to be from. Contact the organization directly using the contact information on their website for specifics.
· Call or e-mail the ITS Help Desk at either Tel: 319-384-4357 or E-mail: firstname.lastname@example.org to verify the legitimacy of any e-mail or suspicious phone call you receive. By reporting possible scams to the Help Desk, you alert the proper university officials (for the benefit of other students and employees) and prompt them to take action to address it.
· If you receive an e-mail you suspect to be malicious, drag and drop it into your Outlook ‘Junk’ mail folder. Placing e-mail in this folder will disable clickable images that are used to conceal malicious links. This will allow you to see where the link would actually take you if you were to click on it.
For more IT security tips, visit the Information Technology Services (ITS) Help Desk resources at: http://its.uiowa.edu/support/article/3716
Warren Staal is a senior analyst in the Information Security and Policy Office, which is part of Information Technology Services (ITS) at the University of Iowa.