Temple University Computer and Information Services

Students

Faculty

Staff

Information Security

	CS Home
	About Us
	Report a Security Incident
	Alerts & Announcements
	Policies & Guidelines
	Security Awareness Topics
	How to Secure a Computer

Phishing

What is phishing?

Phishing (pronounced fishing) is a technique in which scammers try to obtain personal information by creating and sending out e-mail messages that look like legitimate business correspondence. The e-mail messages include stolen logos and mimicked patterns of banks, credit card companies, and brokerage firms. These messages direct you to a fraudulent Web site requesting that you update your personal information. Some of the most recent scams have included Citibank, Washington Mutual, eBay, and PayPal.

The messages often request that you update your information by clicking on a link. Once you go to the bogus site that looks legitimate, you will be asked to enter passwords, credit card, bank, or social security numbers, or other personal information. If you enter this information, scammers will have access to illegally use your account.

Phishing has become one of the Internet's biggest concerns. According to Reuters, an IBM survey reported that phishing incidents have grown 5,000% in 2004, making the 18 million reported attacks the fast-growing Internet threat of the year.

How can I prevent being a victim of phishing?

Below are three ways to protect yourself against phishing:

If an e-mail requests that you click on a link and provide personal information, do not click on it. A different Web address may be buried in the coding. This link could take you to a fraudulent Web site created to collect your personal information. Instead, try manually typing the desired address into your Web browser to be on the safe side.
For preventive reasons, most legitimate institutions do not use e-mail links to their Web site when requesting personal information updates. Most businesses will have you go to their site on your own. If an e-mail does ask for a personal information update, try getting to that Web page through the institution's Web site. This way, you know the page is legitimate.
Be cautious of any e-mail asking for personal information. Some institutions are frequently used in phishing attacks. Check out the institution's Web site for more information on phishing attacks. It is common for an institution to post phishing information if they've been used in attacks. In general, if you have any doubts whatsoever, contact the institution directly.

If you have any questions regarding phishing, contact the Help Desk at 215-204-8000.

What do I do if I've been scammed?

If you have been a victim of phishing, you should fill out a police report. If the incident happened on Temple's network, contact the Temple University Campus Safety Services at 215-204-1234 or 1-1234.