In February, a questionable e-mail message reached the inboxes of many members of the Fordham community. While the e-mail purported to contain useful information from the University, it was really a manifestation of a common cyber-attack known as “phishing.”
Phishing schemes are e-mails, websites and pop-up windows designed to mislead the user into clicking on a link that contains malicious software. Shortly after the Feb. 23 e-mail, the University Information Security Office (UISO) identified it as a phishing e-mail.
Well-designed e-mail phishing schemes can sometimes temporarily bypass the spam and virus filters in place at Fordham. Though the UISO could not prevent delivery of all of the phishing e-mails, it broadcast an alert identifying the message as a security threat. Fordham e-mail users can protect themselves by taking proper precautions.
Phishing scams will appear to be from an organization with which you normally associate, such as a bank, government agency or Fordham. The message will typically ask you to “update,” “confirm” or “validate” your account information via a URL. This URL will look legitimate, but is, in fact, bogus.
The following tips are ways to identify spam and phishing scams:
• Fordham will NEVER ask you for personally identifiable information such as bank accounts, Social Security or credit card numbers, usernames, passwords, full name and/or date of birth.
• Watch out for phone numbers in an e-mail. They could be fake. To be safe, use the phone numbers listed on your financial statements and/or the back of your credit card.
• Most e-mails from organizations will be addressed to you if they are requesting personal information. Although this is not always the case, be wary of e-mails that are very generic and not specific to you, e.g., “Dear Trusted Chase Customer.”
• Most organizations use secure connections when it comes to entering personal information, so always look for website addresses starting with HTTPS://. The “S” stands for secure, whereas HTTP:// is not a secure connection. A secure connection protects what you type while it is in transit; it does not by itself prove that the site belongs to the organization it claims to be.
• Always hover your mouse pointer over Web links to view the actual URL to which you would be connecting. The link will be shown in the status bar at the bottom of your browser or e-mail program. To be safe, manually enter the URL of a trusted site yourself in a new browser window. For instance, the link may send you to www.chase1.com when you should manually enter www.chase.com.
• Be wary of any e-mails from organizations asking you to open file attachments, as most information is available on their websites.
• Be skeptical about any and all information in an unsolicited e-mail.
• Avoid opening e-mails with suspicious subject lines or from e-mail addresses you do not recognize.
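The hover check and the HTTPS check from the tips above can also be run automatically over an HTML message. The following is an added example, not code from Fordham or the UISO; the trusted-host list, the flag names and the 0.8 similarity threshold are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED_HOSTS = {"chase.com", "fordham.edu"}  # assumption: hosts the reader really uses

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lowercase host of a URL or bare 'www.example.com' string, without 'www.'."""
    url = value if "://" in value else "http://" + value
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def audit_links(html):
    """Return {href: [flags]} from the HTTPS, hover and look-alike checks."""
    parser = LinkCollector()
    parser.feed(html)
    report = {}
    for href, text in parser.links:
        flags, host = [], host_of(href)
        # Visible text counts as a URL when it is one dotted token, e.g. "www.chase.com".
        shown = host_of(text) if "." in text and len(text.split()) == 1 else ""
        if urlsplit(href).scheme.lower() != "https":
            flags.append("not-https")
        if shown and shown != host:
            flags.append("text-shows-" + shown)
        trusted = any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)
        if not trusted and any(SequenceMatcher(None, host, t).ratio() > 0.8 for t in TRUSTED_HOSTS):
            flags.append("lookalike")
        report[href] = flags
    return report

# Constructed sample message, not the Feb. 23 e-mail.
SAMPLE_EMAIL = ('<p>Dear Trusted Chase Customer, confirm your account at <a href="http://www.chase1.com/validate">'
                'www.chase.com</a> or visit <a href="https://www.fordham.edu/">Fordham</a>.</p>')
print(audit_links(SAMPLE_EMAIL))
```

A link with no flags is not proven safe; the checks only surface the specific warning signs listed in the tips.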
The UISO maintains several communications channels to inform the Fordham community of phishing attacks when they arise.