Phishing involves fraudulent email requests for personal information.The goal of a phishing scam is to steal your valuable personal data, such as credit card numbers, passwords, account data, and other information. The con artists who design phishing scams send out millions of fraudulent email messages that appear to come from organizations you know and trust, like your bank, credit card company, or school. The email will direct you to provide personal information such as your bank account number or social security number. The bogus e-mails often include links to authentic-looking Web sites that have logos taken directly from legitimate Web sites. If you think you've received a phishing email message, do not respond to it.
"Many people think that computer security concerns only relate to viruses, but personal security is equally important," said Kathy Kimball, director of Security Operations and Services (SOS). "There are numerous types of fraud that can endanger computer users on a personal level—and email is an extremely effective way to distribute fraudulent messages to potential victims."
Kimball said that privacy protection has become essential today because of the wide spectrum of dangers including identity theft, email hoaxes, phishing scams (fake email messages that request sensitive data), malicious attacks and spyware technologies which increasingly target Internet users. "If it looks too good to be true ... for example, you receive a message that says you won $3 million from an online lottery you've never heard of ... then it is too good to be true," Kimball cautioned. "No matter how tempting it seems, never respond to a message that asks you to send money or personal information."
On occasion, phishing scams are directed at Penn State students, faculty and staff. Fraudulent email appearing to come from official University offices invites the reader to click on a link or share private information. Check the ITS Alerts System to get the latest news pertaining to phishing or other security issues. In the case of a compromised account or an incident involving sensitive information, call the ITS Security office at (814) 863-9533 during regular business hours. For cases of harassment or direct threats, contact your local police department.
For specific tips on how to protect against phishing, Kimball suggests that Penn State community members visit the following Web sites:
- Penn State's Phishing website: phishing.psu.edu
- OnGuardOnline.gov offers a phishing video, quiz, and tips on security
- Recognize phishing scams and fraudulent e-mails (Microsoft)
- What is email fraud, and what should I do about it? (Indiana University)