WHAT IS PHISHING?
Phishing is a technique in which users are directed by an official-looking e-mail to provide personal information under false pretenses. The message may appear to come from a bank, police agency, or even a friend, coworker or other legitimate entity. The information requested may be a credit card number, social security number, ATM PIN number, password or other personal information. The recipient is asked to provide this information via e-mail or by visiting an official-looking website and warned that failure to do so may result in a discontinuation of service. Legitimate businesses and government entities are aware of phishing scams and would not ask you to send sensitive information in response to unsolicited e-mail. You should treat these messages like spam and never reply to them. Information Technology Services advises people to never send any passwords via an e-mail message for any reason.
EASY WAYS TO AVOID PHISHING SCAMS:
1. Keep Informed About Phishing Techniques - by following @binghamtonITS (Instagram | Twitter) on social media, visiting and reviewing the ITS Security pages regularly to keep your data secure, also visit: security awareness training
2. Think Before You Click! Do not click on a link if you are not sure, hover over them before clicking to see if they lead to where they should go...
3. Install an Anti-Phishing Toolbar, you will be glad you did - it's so easy and convenient.
4. Verify a Site's Security - Make sure the site's URL begins with "https" with lock icon and certificate, more info. on above link.
5. Check Your Online Accounts Regularly - Beware of any suspicious activity.
6. Keep Your Browser Up to Date. WHY? Outdated versions of web browsers can open up to serious security flaws.
7. Use Firewalls - a barrier or shield that is intended to protect your devices from the data based malware dangers. Learn more by visiting above link.
8. Be Wary of Pop-Ups - One false move just might cost more than you can afford to give.
9. Never Give Out Personal Information. Protecting your personal information can help reduce your risk of identity theft.
10. Use Antivirus Software: click for more information and available links.
11. Utilize 2-STEP Verification You'll protect your account with both password and phone.
Go to phishing.org for more detailed information on each of these steps, and on more ways to avoid phishing...
OTHER HELPFUL HINTS:
- If you're asked to provide personal information via an e-mail message, DON'T.
- If you're asked to provide personal information via a web site, DON'T unless you're sure the request and web site are legitimate.
- If a request is made to "click here to view full message" or to click on a link, DON'T, double check with sender first. Remember some scams can mask their email addresses to make you think it's someone whom you trust.
Compromised Computer Accounts
There have been several e-mail phishing scams from accounts claiming to be Binghamton University e-mail addresses and asking recipients to send their passwords via a reply e-mail, or to "CLICK HERE..." Some in our campus community have taken the bait and provided sensitive, personal material to unknown parties. Identity theft is a growing national issue. Phishing is one method for unscrupulous persons to gain access to personal or computer account information and launch either spam attacks or hacking attacks on others in the internet community. The account owner is usually not aware of this improper use.
See examples of phishing scams which target Binghamton University accounts.
ITS performed a spot check of outgoing e-mail and found that almost 100 people responded to one of these scams, which purported to be a request from the "Binghamton Technical Support Team" and threatened to cut off e-mail service unless the recipient responded with user ID, password and birth date. We notified those people that they responded to the scam and urged them to change the passwords on their accounts to strong passwords (8-character minimum with a mix of small letters, capitals, numbers and special characters). It is good practice to change your password frequently.
If you have doubts about requests to send sensitive information via e-mail or web page, DO NOT REPLY! Call the office or email the person/party responsible for the request and verify that the request is legitimate and that the data collected is handled securely during transit and at the recipient site. University offices must adhere to this high standard as well. Please consult the University policy on Internet privacy for details.
There is no way we can monitor, filter or discover all the various phishing scams that our users may receive, so be forewarned and ready when you receive these types of solicitations. The University (and other reputable institutions) will not ask for personal or password information in unsolicited e-mail messages, so you should NEVER respond to them, no matter how real they appear to be. If you're unsure of the validity of the message, call a contact number for the organization obtained from verifiable paper correspondence or from the telephone book. Users should also report any suspicious messages to the ITS Help Desk (firstname.lastname@example.org or 607-777-6420) and/or email@example.com, as we are not always aware of every scam in circulation.