Sounds phishy

In the dog days of summer, look out for the sign that says "Gone Phishing."

Phishing is an attempt, usually made through email, to steal personal information. The best way to guard against phishing is to learn how to recognize a phish.

"The problem is that more and more of these emails look like they're real," says Dwight Fischer, AVP/CIO ITS at Dal. "Universities are targets. We have large populations of users who make for good prey. All it takes is one or two and they can do their malicious work. "

Phishing emails usually appear to come from a well-known organization and prompt you to log in to correct something in your account, often from a bank or university. Often times phishing attempts appear to come from sites, services and companies with which you do not even have an account.

A few days ago, for example, a phish warned Dal email users that they had almost exceeded webmail storage quota and asked them to click on the link provided. The email was signed "Dalhousie University webmail team."

A few people took the bait and clicked the link, providing their NetID id and password. Uh oh.

Once the miscreants have access to someone’s account, they use it to launch spam attacks elsewhere. As soon as that happened, the Dal email system is was blocked from other mainstream internet service providers, necessitating the shutdown of the system -- twice.

"We would never ask you by email for personal information, such as your password, SIN number or net ID," says Bev Hubley, director of business operations for ITS. "If you get an email like this, be extremely skeptical."

LINKS:

For more on phishing and how to avoid getting hooked, see ITS's information page.

A short and illustrative video clip, Phishing in Plain English, is avaiable on Youtube.

You can join a discussion on phishing at A Sucker is Born Every Minute.