Yes, PHishing; and No, it has nothing to do with slinging a baited hook in the water.
What is Phishing?
In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
This is a very real problem I've seen again and again. Most of the incidents I've had to deal with are related to messages that users receive asking them to verify their usernames and passwords. DON'T DO IT! This usually results in a compromised account, in which the attacking party then logs into your account and sends thousands of email messages on your behalf often containing illegal material. Not to mention when they log into your OneTech account they have access to all your personal information stored inside. Here's an example of a phishing email we've seen lately.
Note the Phishy things I have highlighted in this message:- Phishing messages often contain poor grammar.
The message says "we will be deleting all mail account that is not functioning" where it should state "we will be deleting all mail accounts that are not functioning" - Phishing messages generally come from unfamiliar email addresses.
This messages says to reply to "edu.verification@live.com". As you know our email addresses end in @atu.edu and any correspondence about your account would also come from an @atu.edu email address. - Phishing message will ask for personal information like your username and password.
You should never give anyone your password. We will not ask you for your password via email. If you are asked for your password via email, tell the person requesting the information you'd rather them reset your password. If they have the ability to reset your password, it is very likely they are trustworthy and you are not being phished. - Phishing messages generally contain unfamiliar terminology
This particular message refers to our system as "webmail". Our system has never been referred to as webmail, but as OneTech. We usually refer to usernames as OneTech IDs.
These things we found in this message are common between most phishing messages, so keep an eye out for messages that seem suspicious and delete them immediately. Be very careful when replying to email. As a general rule, it is better not to send any personal information, especiallially credit card or bank information, usernames, or passwords, via email.
What if I've already responded to one of these messages?
The type of information that you've handed over to a phisher determines the steps you should take once you realize the email was not legitimate. If you sent someone your username and password, that's an easy fix; simply change your password. But if you've sent more delicate information, such as credit card or bank account numbers, you will most likely have to change your credit card or bank account numbers in order to be protected from the damage that phishers can cause. Although, by the time you realize that you've sent that information away, it's very likely that the damage that the phisher had intended to do has already been done. The best protection against phishing is to simply not respond to the email.
The type of information that you've handed over to a phisher determines the steps you should take once you realize the email was not legitimate. If you sent someone your username and password, that's an easy fix; simply change your password. But if you've sent more delicate information, such as credit card or bank account numbers, you will most likely have to change your credit card or bank account numbers in order to be protected from the damage that phishers can cause. Although, by the time you realize that you've sent that information away, it's very likely that the damage that the phisher had intended to do has already been done. The best protection against phishing is to simply not respond to the email.
