Security Scam: Phishing

Learn how to recognize identity-theft scams known as phishing.

Don't be fooled by phishing, a type of fraud that aims to collect personal data for purposes of identity theft.

The most common form of phishing involves e-mail messages that look as if they're from a legitimate enterprise, such as UCSD, a bank, or a credit card company. Phishers might also call you (known as "vishing," for voice phishing).

They usually claim there's a problem with your account and ask you for your personal information. E-mails ask you to follow a link to the company's Web site (an authentic-looking counterfeit), where you're asked to enter account numbers, passwords, or PINs.

Legitimate businesses never call or e-mail you to update their records. Because fake Web sites look real and borrow the names of well-known companies, phishing scams reportedly lure in 5% of e-mail recipients.

If you get suspicious e-mail:

• Don't follow links to a Web page. Instead, check the company's Web site by typing the URL in your browser or call the company directly.
• Don't fill out any e-mailed forms that ask for personal or financial information.
• Delete the message.

Resources:

• Anti-Phishing Working Group
• Identity Theft Victims Guide, by the Privacy Rights Clearing House and CALPIRG
• MillerSmilesCo.UK, archive of spoof e-mail and phishing scams
• 800 Notes: Verify a phone number that called you or see common phone scams.

Note: This page has a friendly link that’s easy to remember: http://blink.ucsd.edu/go/phishing

Technology

Security

• Network Security
• Firewalls
• Personal Information
• Passwords & Access
• Single Sign-On
• Phishing
• Computer Incident Response Team
• Departmental Security Administrator