Phishing e-mails attempt to deceive the recipient into giving up private information in a response to a message or by leading the recipient to a fraudulent Web site.

In the past several months, we have seen an increase in the number of “phishing” emails sent to UST accounts.  It is important to never provide anyone with your password, Social Security Number, credit card number, or any other information via email and IRT will never request your username or password from you via email. 

What is phishing?

Phishing e-mails attempt to deceive the recipient into giving up private information in a response to a message or by leading the recipient to a fraudulent Web site. Individuals who send these messages will then use the returned username and password to send further spam through the victim’s account, or attempt to gain access to sensitive information for illegal purposes.   It is called phishing because it “baits” the recipient into providing personal information.

How can you tell if an email is not legitimate?

The simplest way to avoid becoming the victim of a phishing attack is to never click on a link from an unsolicited email or reply to an email with personal information.

Some other ways to avoid becoming a victim are:

• Hold your cursor over the link. A text message will show the URL of the website you will be directed to. If it is not the website of the company sending the email, or it doesn’t start with “https” you can be pretty sure you’ve been phished.
• Never reply to a phishing email; this can give the potential thieves information about you.
• Keep your virus and firewall software up-to-date; some phishing attacks carry harmful viruses or trojans that can collect personal information from your computer.
• Never open attachments that end in .exe or aren’t from a trusted source.

A good resource for more information on phishing scams is available here.

A recent example of a phishing email sent to Saint Thomas can be seen below.

 

What are we doing to prevent phishing at Saint Thomas?

MailMarshal is a UST provided tool that utilizes a number of anti-spam and anti-phishing filters to trap unwanted messages.   However, the reality is that as we advance in our understanding of how spammers and phishers work, they too advance in their methods of circumventing our security measures.  As seen in the example above, some of them have carefully crafted their letters to actually appear to come from a legitimate branch of IRT and often are crafted in a way that our spam filter updates cannot differentiate between phishing email and legitimate e-mail.

How can you help?

As mentioned, never reply to phishing messages if you receive one.  We rely heavily on the user community to inform IRT as quickly as possible when a message gets by MailMarshal filters so that we can minimize negative impact to the email environment.