Protect your Sensitive Data from Phishing Attacks

September 16th, 2011 by cbello

Did You Know?
Loyola University Chicago blocks over one million spam messages per day.

What is Phishing?
Phishing is an attempt to steal sensitive information, such as your social security number or passwords, by posing as a trusted organization or person. Phishers are known for using this information for identity theft and other fraudulent acts.

What do Phishing attacks look like?
Phishing is most commonly attempted via an email that will claim to come from a trusted organization, such as Loyola University Chicago, your bank or your credit card company. There are two common mechanisms that phishers use to steal your sensitive information:

  1. They will ask you to respond to an email with your sensitive information.
  2. They will ask you to follow links to update your sensitive information.
     a. You will appear to be providing your information to the trusted company, while in fact you will be providing that information to a phisher.

What are some types of Phishing attacks?

  • “Spear Phishing” targets a particular person or organization, impersonating the organization or its members to trick the target into revealing confidential company information.
  • “Whaling” specifically targets senior management, trying to get them to divulge confidential information.

How can I prevent becoming a victim of Phishing attacks?
No legitimate organization will ever ask you for your password!

Do not click on any links sent via email, as these may take you to a web site that places malicious software on your computer. Instead, enter the address that you know is legitimate into your browser.

For example:  Instead of clicking on the URL received in an email (such as http://www.123citi-bank-usa.com/update/yourcredentials.html), open up Firefox and navigate to Citibank’s known website: www.citibank.com.
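The same comparison can be automated, for instance in a mail filter or help-desk triage script. The following is an added example, not part of the original post or any Loyola tooling: it extracts the host a browser would actually contact and checks it against the domain you know is legitimate. The function names are hypothetical, and every sample link other than the one quoted above is constructed.

```python
from urllib.parse import urlsplit

def link_host(url):
    """Return the lower-cased host a browser would contact, or None."""
    if "://" not in url:
        url = "//" + url              # accept bare "www.example.com/path"
    try:
        host = urlsplit(url).hostname  # drops any "user@" prefix and the port
    except ValueError:                 # malformed authority section
        return None
    return host.rstrip(".") if host else None

def belongs_to(url, known_domain):
    """True only if the link's host is known_domain or a subdomain of it."""
    host = link_host(url)
    known = known_domain.lower().rstrip(".")
    if not host:
        return False
    # Require a label boundary so "notcitibank.com" does not match.
    return host == known or host.endswith("." + known)

# First entry is the URL quoted in the post; the rest are constructed samples.
SAMPLE_LINKS = [
    "http://www.123citi-bank-usa.com/update/yourcredentials.html",
    "https://www.citibank.com/",
    "www.citibank.com",
    "http://www.citibank.com.login.example/update",  # real name as a prefix
    "http://www.citibank.com@phish.example/",        # real name as "username"
    "http://notcitibank.com/",                       # shared suffix only
]

def triage(links, known_domain):
    """Map each link to 'ok' or 'suspicious' relative to known_domain."""
    return {u: "ok" if belongs_to(u, known_domain) else "suspicious"
            for u in links}

if __name__ == "__main__":
    for url, verdict in triage(SAMPLE_LINKS, "citibank.com").items():
        print(f"{verdict:10} {url}")
```

A match only shows that the link points at the expected domain; it says nothing about links to domains you have not listed as known.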

Call the institution to inquire about the matter instead of following the link. Do not call any numbers listed in the email; instead, use a number for the organization that you know is legitimate.

If you are prompted to enter your username and password on a site that appears legitimate, enter both incorrectly. A fraudulent site will accept the incorrect username and password while a legitimate site will not. Also make sure to check that the SSL certificate is valid and error-free. Refer to the following link for steps to validate the site's SSL certificate: http://info.ssl.com/article.aspx?id=10068.

If you do provide personal or sensitive information to a malicious site, immediately contact the appropriate institution with the details surrounding the occurrence.

Where can I send potential Phishing attacks to be processed?
LUC staff, faculty, and students should report any regular phishing emails or sites to spam@mailfoundry.com.

If you have received a Spear Phishing or Whaling attack, please forward it to DataSecurity@luc.edu.

Where can I find more info?
Visit http://www.luc.edu/uiso/protect_yourself.shtml for additional security tips.
