Phishing

Phishing is an illegal Internet activity that often ends up in identity theft for its victims. Phishing scams try to steal confidential information by trolling for unsuspecting victims through e-mails and sending them to fake web sites where they are tricked into providing personal information. The phishing problem is so widespread that the Federal Trade Commission and a global anti-phishing group are actively fighting it.

Phishing e-mails appear to come from banks and many other businesses such as eBay and Paypal. Their messages urge you to go to their counterfeit web sites that appear identical to the authentic ones, with warnings of dire consequences if you do not comply. The fake web sites request that you “validate” personal or financial information or otherwise try to trick you into providing credit card, bank account, and/or Social Security numbers. No matter how compelling or urgent these requests seem, you can be sure that they are phishing if you did not initiate the contact. Legitimate businesses would never seek personal information in this manner.

Recognizing a Phishing attempt:

Phishing attempts often come from seemingly legitimate sources but usually contain clues that they are not valid like:

• Odd English sentence structure or misspellings.
• A return email address/web link that is not from or to the institution.
• Questions about you that the organization already knows about you like your account name, password, location, etc.

The precautions are simple:

• If you get an email or pop-up message that asks for personal or financial information, do not reply. And don’t click on the link in the message, either.
• Never reveal personal and confidential information such as credit card numbers, passwords, demographic or geographic information, account information or social security numbers via email.
• Review credit card and bank account statements as soon as you receive them to check for unauthorized charges.
• Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.
• Never respond to suspected phishing e-mails under any circumstances.

Thousands of such fraudulent messages flood the university's e-mail system every day, but fortunately, Ohio State's anti-spam defense is at work to reduce the number that arrive in your mailbox. Members of the university community can use the service to their best advantage by learning more about the anti-spam options included with the OSU central e-mail service.

What can I do if I suspect a phishing attempt?

There are some simple steps you can take to report phishing attempts:

• Forward spam that is phishing for information to spam@uce.gov and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems. Send reports of suspect OSU email to abuse@osu.edu
• Verify the request. Call the institution or organization and confirm they need your information If you ever have a question about the legitimacy of an e-mail, please call 688-HELP (8-HELP) for verification and advice.

For more information on phishing scams, refer to:

• Federal Trade Commission on Phishing
• Anti-Phishing Working Group
• Phishinginfo.org

If you feel you have been victimized by identity theft, check this Federal Trade Commission web site for advice about the next steps to take.

Take the OnGuard Online Phishing Quiz

Think you know how to avoid phishing? Try the OnGuard Online "Phishing Scams: Avoid the Bait" online quiz.