September 15, 2005

Hi and welcome to the Fall 2005 edition of the ITS newsletter. In this issue you will find interesting and helpful articles on Banner updates, clean access, and general tips on getting the most out of your computer. Happy reading and as always, if you have any comments or concerns, please don’t hesitate to call us at 660-785-4163 or drop us a line at itsfeedback@truman.edu.

Phishing

Webopedia defines phishing as: (fish´ing) (n.) The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.

What does this mean to you? Plenty! Phishing works by responding to seeming valid emails from trusted sources like your bank and credit card companies. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card and bank account numbers that the legitimate organization already has. Once you reply to these false sites, the phishers have your valid numbers and can immediately send the information around the world for other to use as they please.

One of the more popular ones that I have seen relate to bank accounts. These e-mails are carefully crafted with HTML, and utilize graphics from legitimate companies. There are weblinks in the e-mails that look legitimate, and they appear to point to a special website run by that business. The mails even include disclaimers and legal notices at the bottom, often with working links to the real company's website.

The FTC, the nation’s consumer protection agency, suggests these tips to help you avoid getting hooked by a phishing scam:

If you get an email or pop-up message that asks for personal or financial information, do not reply or click on the link in the message. Legitimate companies don’t ask for this information via email. If you are concerned about your account, contact the organization in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address. In any case, don’t cut and paste the link in the message.
Don’t email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s Web site, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons.

Truman has an anti-spam filter that will filter out most of these messages, but some eventually still get through. No anti-spam filter is 100% effective. Remember, please be careful and don’t open email you believe to be of a suspicious nature. For more information, please go to the Anti-Phishing Working Group at www.antiphishing.org.