Awareness Campaign - Computer Security 101
Identifying Fact from Phishing
Be skeptical! When you receive a questionable e-mail, there are a number of ways you can test whether it’s real or not:
Always carefully check the URL of any links the e-mail is directing you to. Hover your cursor over the link; if anything is even slightly different than you expect (ex. www.ebay-members-security.com vs. www.ebay.com), the site may be fraudulent.
Remember "from" addresses in e-mail are routinely forged by viruses and spammers. So you may think you have an important email from Ebay, but it's really some criminal trying to trick you into providing valuable information.
Search Google for the text in the "subject" field to confirm well-known examples of spam/scams/viruses.
Check out the "Phishing Archives" at http://www.antiphishing.org/ to see if it's a known phishing scam. Even if it is not listed here continue to be skeptical! It may be a brand new phishing scam that hasn't made its way into the news yet.
Receiving multiple copies of the same "alarming" email is often a clue that an email is bogus.
If you are in doubt at all, initiate contact with the organization yourself to verify the information you received.
Question 2. You get an e-mail from your university advertising a security exam that promises great prizes. How do you know it’s a legitimate e-mail and not a phishing attempt?
| A | The exam links to an official university Web site which shows the padlock security symbol in the status bar. | |
| B | The invitation was sent as a text message showing the full URL (address) of any links, not as html with a button saying “click here.” | |
| C | You can cross-reference the contest in other forms of legitimate advertising, since the contest is also being publicized on university bulletin boards and in the school newspaper. | |
| D | The ITS HelpDesk (available at 810-766-6804) is aware of the contest and will verify its legitimacy. | |
| E |  | All of the above. |
Previous Question | Next Question
Never just assume that an email is legit when it is asking for valuable personal information! To avoid being the victim of a phishing scam you should never provide personal information via email.