- Safety and Security
- Network and Phone
- Mobile Devices
What is phishing?
Phishing is an attempt by a person or organization to gain information such as usernames, passwords or credit card information. Once the unauthorized person gathers this information, they can use it to fraudulently purchase items on YOUR credit card, send real or spam e-mail from YOUR e-mail address, or sign up for services in YOUR name. Examples of phishing messages have been compiled to help you identify fake messages. The Phishing page on Wikipedia has more information if you are interested.
Why is phishing dangerous?
Aside from financial loss, phishing can also cost you time, as well as your identity. As said above, once you send your information to a phishing email, someone can start making charges to your name. Not only will you now owe for someone's else's expenditures, you also get to spend hours trying to cancel cards, reverse orders, and try to get your financial life back. This can be very taxing financially, and take a lot of your spare time.
You will also now have a flood of messages from services you've never used before. Accounts for forums, online retailers, lists, just about anything, can start being funneled to your email address. What's worse, the phisher can also spoof your account, and potentially get your account disabled for spamming.
What can I do to protect my personal identity and information?
- NEVER give your password to ANYONE, including technical support personnel.
- NEVER respond to spam messages (this validates your address to the spammer and your e-mail address will be FLOODED with SPAM).
- Read the email critically and ask yourself some questions.
- Does it make sense?
- Is the capitalization, grammar, punctuation and sentence structure, correct?
- Is the email too generic?
- Why are they asking for my personally identifiable information over an unsecure method of communication, such as e-mail?
- Why would the administrators of that system need my username, which they already know?
- Never respond to an email requesting this information.
- Forward suspicious emails to your support group or call the agency requesting the information; E.g. Bank of America, OSU Federal Credit Union, Computer Helpdesk, etc.
- Never click on links or images in suspicious emails.
- Abide by the OSU Acceptable Use Policy you signed, especially the section: "Accounts and passwords may not, under any circumstances, be shared with or used by persons other than the individual(s) to whom they have been assigned by the University."
- Don't chat up scammers. Read a transcript from a real scam artist to gain further insight.
- If you are still unsure what to do, contact your computer support group on campus.
What can I do to report a phishing attempt?
If you receive a phishing attempt and would like to report it, please select your email client from the following list for instructions on reporting a phishing attempt.