No Phishing Allowed
The word "Phishing" is a variant of the word "fishing." It generally comes from an analogy of spammers sending many emails (casting a wide fishing net) in hopes of catching a user (the fish). Though many users don't fall victim to the scams, it only takes a few to make it successful for the spammer.
WHAT IS THE POINT OF PHISHING?
"Phishers" typically attempt to steal information from you. This information includes (but isn't limited to) STUDENT/FACULTY ID and password, email login information, banking information, and more. Attackers can use this information for different reasons including gaining privileged access to UHCNO's network, sending malicious spam from your email account, stealing sensitive personal information, etc. Your financial/banking information could be used to steal your identity, pilfer funds from your account, send money out of the country, and more.
CHECK BEFORE YOU CLICK!
Most phishing scams can be avoided by sticking to these basic principles:
- Treat ALL LINKS as if they are suspicious. (Links include Web Addresses & URLs)
- Log in with your UHCNO USER ID at official uhcno.edu sites ONLY & pages such as Self Service and Blackboard.
- Never provide your password or other sensitive information in an email message.
- Youare responsible for your UHCNO USER ID. DO NOT share your UHCNO password with ANYONE for ANY REASON.
- Email is NOT a secure way to send out personal information. ALL e-mail messages can be intercepted when it is sent & email messages are NOT encrypted or protected by default.
- If an attacker gains access to your email account, ALL of the sensitive information stored there will be accessible to the attacker.
- Be suspicious of messages such as these:
- You are urged to take"Immediate Action", there is a sense of urgency, or you are threatened that your account will be shut down.
- Claim that your email inbox is Full or near it's quota and needs to be upgraded.
- Claim that you must login to enable security features or other services.
What do you mean by "treat all links as suspicious"?
Many emails are sent like a Web site with HTML code behind the scenes. This is done in order to include Web links, display images, and provide other special formatting. However, web links can be deceiving. (Example: The following text link - not-an-uhcno.edu site - opens the official UHCNO web site.)
This recent spam email was an easy 'phishing' ploy to spot:
From: Molly Cooney <firstname.lastname@example.org> the sender's email address showed up in the email
Date: August 15, 2013, 6:12:55 AM CDT
To: "email@example.com" >
Subject: Notice concerning your email account
Notice concerning your email account
Dear Account User,
This is to inform you that your email account has exceeded
storage capacity and it is generating a continuous error script (code:505).
Soon you will not be able to send and receive e-mails and your e-mail account will be blocked from the server. You need to reset and validate your account.
To do so please
CLICK HERE NOW To re-validate and reset your email account. Please login with valid information by clicking on the link above.
Thank you for your cooperation.
THE MAIL TEAM
You shouldn't automatically trust what you see in email messages.
As long as you do not click on any malicious links or respond to the email with personal information, you as well as your computer should not be at risk.
Text links that appear as one link but lead to another should be treated as highly suspicious.
How do I check where the links actually go?
If you are using a desktop or laptop with a mouse, you may easily 'hover' the mouse cursor over the link. The actual destination of the link will either appear in a popup box next to your cursor or it may appear at the very bottom of the email window. See below.
As always, if you have any questions, concerns or comments, please feel free to email the IT department via firstname.lastname@example.org
If you would like to learn more about phishing and other email scams, go to Public Service Announcements