Phishing is a scam intended to steal personal and financial information from unsuspecting victims. Passwords, credit card numbers, bank account information, Social Security number, or other sensitive information–all are valuable to scam artists.
Most people think they are pretty knowledgeable about spam and phishing, yet every day someone at Boston University falls for a common email scam and has their account compromised.
Be proactive in protecting yourself. Phishing emails come in many forms and though the most important thing you can do is to avoid them altogether, here are some useful tips to avoid getting hooked:
Don't click the provided link
It is trivially easy to make a link lie to you. Instead of clicking a provided link, use your browser to go to the known and trusted website by typing the link into your web browser yourself.
For example, take this link: http;//www.google.com/ If you click this, it will not take you to Google, it will take you somewhere completely different. Scammers use this trick all the time to trick you to going to malicious websites.
You can tell where a link is going to take you by hovering over it with your mouse. Don’t click. Hover. If you do this for the link above you will see “onguardonline.gov” pop up in a box by your pointer or in a space at the bottom of your email client or browser.
If you are on a smartphone, click and hold the link to have a box appear that will show you the real destination and ask if you really want to go there.
General rule: if the email message is lying to you about where it wants to send you, it is a scam.
Monitor your security
- If you are concerned about your account, contact the organization using a phone number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address yourself.
- Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly.
- Never share your personal or financial information.
- Review credit card and bank account statements as soon as you receive them to check for unauthorized charges.
- Forward spam that is phishing for information to firstname.lastname@example.org and to the company, bank, or organization impersonated in the phishing email. You also may report phishing email to email@example.com, the Anti-Phishing Working Group — a consortium of ISPs, security vendors, financial institutions and law enforcement agencies — uses these reports to fight phishing.
- If you’ve been scammed, visit the Federal Trade Commission’s Identity Theft website at www.consumer.gov/idtheft.
Know The Real So You Can Spot The Fake
Learn how to detect a phishing message & fight phishing
Know the top spam scams, so you can recognize them when you see them.
The email asks for your password
It is a scam. Delete it. You will never be asked for your account password from a legitimate source.
Typically, phishers send an e-mail or pop-up message that claims to be from a business or organization that you may deal with — for example, an Internet service provider (ISP), bank, online auction service, online payment service, travel service, or even a government agency. “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.” -Or- “During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”
The email is about a financial account you don't have or an order you know nothing about
The message may ask you to update, validate, or confirm your account information. Some phishing emails threaten a dire consequence if you don’t respond. The messages direct you to a website that looks just like a legitimate organization’s site. It is almost certain a scam and could look something like this:
Typically, phishers send an e-mail or pop-up message that claims to be from a business or organization that you may deal with — for example, an Internet service provider (ISP), bank, online auction service, online payment service, travel service, or even a government agency.
“We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”
“During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”
The email comes with an attachment you weren't expecting
These files can contain viruses or other software that can weaken your computer’s security.
They may be videos sent to you from a friend’s account that has been compromised. They may be PDF files from some company claiming to contain an invoice from a recent purchase you did not actually make. They might be “screen savers” or executables masquerading as any number of believable things.
Know what is normal for you, so you can recognize the abnormal.
The email has obvious grammatical or spelling errors
Be suspicious of email messages that claim to be from a business and yet contain errors in grammar, use of words, spelling or punctuation should send you a red flag. Most businesses have several layers of review before a message is approved for release to the public. Obvious errors will typically be caught and removed during this process.
If you believe you have received a phishing message, particularly one falsely claiming to be from BU forward it to firstname.lastname@example.org along with the message headers and then delete it. If in doubt, call the IT Help Center (Charles River Campus (617) 353-4357, Medical Campus (617) 638-5914).