A rogue e-mail message squeezed through ITD’s spam filter this week, encouraging the recipient to provide his user log-on name and password. The message had all the appearances of an official help desk notice.
But upon further reading, the recipient recognized it as a scam.
It’s not often that such e-mail passes through the department’s filtering software, explains ITD Cyber Security Manager Forrest Anderson. But isolated instances have been reported.
E-mail and Internet users always should be suspicious of requests for identity information, even when they appear to be legitimate. If in doubt, contact the Enterprise Technology Services office, district technology staff or Anderson.
The Cyber Security Manager offered the following excerpts from a notice on “Recognizing and Avoiding E-mail Scams”:
The scams they attempt run from old-fashioned bait-and-switch operations to phishing schemes using a combination of e-mail and bogus Web sites to trick victims into divulging sensitive information. To protect yourself from these scams, you should understand what they are, what they look like, how they work and what you can do to avoid them. The following recommendations can minimize your chances of falling victim to an email scam:
These recommendations are explained in the section “What You Can Do to Avoid Becoming a Victim.” Ignoring them may leave you vulnerable to identity theft, information theft, the abuse of your computer for illegal activity, the receipt of bogus or illegal merchandise, and financial loss.
The perpetrators of phishing scams carefully craft the bogus web site to look like the real thing. For instance, an e-mail can be crafted to look like it is from a major bank. It might have an alarming subject line, such as “Problem with Your Account.” The body of the message will claim there is a problem with your bank account and that, in order to validate your account, you must click a link included in the e-mail and complete an online form.
The e-mail is sent as spam to tens of thousands of recipients. Some, perhaps many, recipients are customers of the institution. Believing the email to be real, some of these recipients will click the link in the email without noticing that it takes them to a web address that only resembles the address of the real institution.
If the e-mail is sent and viewed as HTML, the visible link may be the URL of the institution, but the actual link information coded in the HTML will take the user to the bogus site.