Published April 1, 2016
Remember when you were a child and you were told "don’t talk to strangers" in order to keep you safe? With over 3 billion people using the Internet worldwide, there are quite a number of "strangers" out there just waiting to steal your personal information.
Phishing is the attempt to acquire sensitive information such as passwords, credit card information, and other private data by disguising as a trustworthy source through electronic communication.
UBIT Senior Information Security Analyst Dr. Catherine J. Ullman is part of the team that oversees IT security alerts at UB and has witnessed a wide variety of phishing attempts. "We have received everything from 'verify your information' to job offer scams and death threats," she stated.
Dr. Ullman said victims of these scams need to remain vigilant and look for warning signs of a phishing scam. "There are some very convincing phishing messages that could trick you into giving away personal information." She advises that in many instances there are signs that can help you identify these threats.
UB's Information Security Office has compiled a list of five red flags that can help you to identify phishing attempts and protect your privacy:
Always check the ‘from’ field to see where the email originated. Phishers will often use email addresses from third party websites, but deceive victims by using a trustworthy name. If you do not recognize the address in the email as the proper address that the sender claims to be representing, it is a scam.
Phishing attempts are often written in a threatening tone to scare the victim into cooperating. The phisher wants a quick response, so the victim has less time to think critically about the threat. "They will say to act quickly because if you don't, something bad is going to happen," Dr. Ullman said. A message with any kind of threat is a red flag that the email is spam.
Phishers spend their time trying to steal your hard-earned money, not taking writing courses. Many scam artists operate in foreign countries and may have poor English skills. When a large company sends out a message on behalf of the entire company, the message is usually reviewed for spelling, grammar, and legality.
Banks don’t need you to send your account number because they already have that information. UB or any reputable business will never ask you for your credit card number, password, or answers to your security questions.
Hovering over an embedded URL will reveal the actual hyperlinked address. If the hyperlinked address is different from the address with which the sender claims to be associated, the message is likely fraudulent.
examples of phishing attempts on the UBIT website. To report a
phishing attempt sent to your Buffalo.edu email, forward the
message as an attachment to email@example.com.
If you have questions or feel your account has been compromised, contact the UBIT Help Center (716-645-3542, www.buffalo.edu/ubit/help).