The Internet is a dangerous place. That may be what your parents told you when you were young after reading some scary article about a bank account being drained by a scam. Certainly the Internet can be a dangerous place.
MTSU sent out an announcement from the Information Technology Division warning students of a scam being spread by email. Apparently someone is sending students emails claiming to be from the helpdesk, seeking information such as their name, MTSU account login and password.
With this valuable information, the attacker could log in to a student’s MTSU account and get private information such as parent’s name and contact information, a copy of the student’s transcript, access to class information and more. Moreover, with this access an attacker could log in to the student’s email and use that as a means to reset passwords to popular social media sites such as Facebook.
Phishing is using electronic communications, such as email, as a means to fraudulently obtain private information such as usernames, passwords or credit card numbers. A certain level of “social engineering” goes into these attacks. The attacker must present himself in a manner that makes the victim believe they are being contacted by an authority with a valid need for requesting this information.
Phishing attacks go beyond MTSU, though. Banks are targets of this type of fraud. Users are constantly bombarded with emails containing links that appear to come from their bank. When a user clicks the link, they are taken to a site that looks like their bank’s website, but is far from it. These sites have the user enter their password or account information.
Because the website looks similar in design to the bank’s official website, users are less likely to question the validity of the site and feel comfortable providing this information. The end result, unfortunately, is usually an empty bank account within a few hours. Certainly banks have measures in place to prevent this type of fraud, or to insure customers against fraud, but prevention is the best insurance.
First, be aware that MTSU, your bank or any other reputable institution will never seek personal account information through email. Additionally, never release this information over the phone unless you initiated the phone call. If someone calls you and asks for this information, even if they say they are your bank, offer to call them back and verify that the number provided really belongs to who you think it is.
For email, it is wise to look at the sender’s address and verify that the email address looks valid. Although attackers can manipulate email so the address looks valid even when it is not, many don’t even bother and you can quickly spot a fraud this way.
Next, never click a link in an email unless you know exactly who sent the message, you are expecting the link and know where it will take you. Links can be changed so that the text in the email is one address and the link you click is another, so it is usually better to copy and paste the link into the web browser rather than clicking the link directly.
Although not usually associated with phishing, many attackers send viruses and other malicious software through email in the form of attachments. Avoiding this is simple – never open an email attachment that you weren’t explicitly expecting, including image files and office documents.
Truly, the Internet can be a dangerous place. Proper knowledge of attacks and careful use of electronic communication will ensure your private data remains private.
Phishing puts Web users at risk
Published: Wednesday, October 28, 2009
Updated: Tuesday, November 3, 2009





