What are phishing scams?
Phishing scams are a form of Internet fraud. This type of scam uses spam or pop-up messages to trick users into disclosing credit card numbers, bank account information, Social Security numbers, or other confidential information.
How do phishing scams work?
Cyber-criminals send e-mails or generate pop-up messages claiming to be from a legitimate business or organization that you might typically deal with; such as your Internet Service Provider (ISP), online payment services (credit card companies, eBay, PayPal), loan company, parcel delivery servicer, University, and/or bank. Phishing scams are becoming more sophisticated in nature because cyber-criminals are incorporating company logos and company contact information in their scams. While designed to appear authentic, these websites you are directed to are actually controlled by the attacker and are intended to harvest your personal information.
Why do cyber-criminals want my account details?
Cyber-criminals can use your information in a variety of ways. With you personal and financial data, cyber-attackers can commit fraud and identity theft. They can also harvest your account information to send out more spam to others. By pretending to be you, they may be able to get more users to click on their malicious sites.
Why do phishing emails reach my official University account?
The University directs email through anti-spam filters as they enter into our mail servers; however, it is inevitable that some of these emails may still reach your account. Cyber-criminals are constantly looking for ways to bypass our rules. Additionally, there are instances where an internal user's account has been compromised and their emails are allowed to pass through our filter. Given this, it is critical that you become familiar with how to distinguish a phish. JUST BECAUSE AN EMAIL REACHED YOUR ACCOUNT DOESN'T MAKE IT LEGITIMATE!
Follow these best practices to prevent getting snagged!
- FIRST AND FOREMOST, the University will NEVER ask you for your user name and/or password. This is private information and you should never give your password to anyone. Additionally, the University would rarely notify you about your mailbox exceeding its limits. If you receive a notice and are concerned, contact IT Tech Support directly.
- Turn on your firewall and use anti-virus software. Anti-virus software and web browsers periodically offer updates, which contain security patches, so these items need to be updated regularly. Also, make sure your operating system and applications are up to date.
- Never email sensitive information. Email is not a secure method for transmitting or saving sensitive information such as passwords, financial information, Social Security numbers, et cetera.
- Limit your web browsing to well-known and trusted websites and use encryption. Use SSL encryption (https://) for web browsing when possible. If you initiate a transaction, look for a secure SSL encryption as well as indicators that the site is secure for transmissions, such as the padlock symbol.
- Beware of unsecure Wi-Fi connections. You should never access, transmit, or receive sensitive information over an unsecure Wi-Fi network. Your data could easily be intercepted by a cyber-attacker inconspicuously sitting at the table next to you.
- Check bank and credit card statements regularly. Watch for any unauthorized charges and report it immediately.
- Be suspicious of email. Beware of email requiring immediate attention and demanding personal information or account information. Other suspicious indicators include spelling/grammatical mistakes, an overall generic tone, and an ambiguous website link.
- Before you act, carefully consider the type of information requested. Pay close attention to the site you are directed to. If it is a hyperlink, hover your mouse over the link and check the URL. If it claims to be from the University, then the website should direct you to an official Mizzou webpage.
- Do not click on direct links. Avoid clicking on direct links provided in an email. If you get an email from a known source, such as your bank or credit card company, then type their web address directly into your browser instead of clicking on the link provided. Remember, cyber-attackers can spoof company logos and contact information.
- Do not open attachments from unknown sources. Attachments can contain viruses that allow cyber-attackers to gain control of your computer system. If they gain access to your email directory or social media networks they can send malicious emails on your behalf.
- Be cautious when using a public space. If you are using a public computer, never save items to the machine, clear your cookies and cache, and sign off before you leave. DO NOT ACCESS OR TRANSMIT SENSITIVE DATA OVER A PUBLIC MACHINE!
- If it seems too good to be true, it is probably an attack. Help report phishing! If you did not actively sign-up for a drawing, chances are you are not a winner! Also, if a distant relative has left your an inherintance, it is likely email would not be your official notice! You can report phishing email to the University. To do so, open a new email message and address it to email@example.com. Drag and drop the phishing email from your inbox into this new email message as an attachment. NEVER DIRECTLY REPLY TO A PHISHING EMAIL.
If You Think You Have Already Been Phished...