• Home
• Students
• Faculty
• Staff
• Visitors

• AccessID
• E-mail
• Services
• Info / Advice
• Hardware
• Network / Internet
• Computer Security
• Software
• System Status
• Telephones
• About C&IT
• Contact Us

 

E-mail phishing puts your personal information at risk

One way to catch a fish is to trick it with bait that looks like food. Phishing on the Web works the same way.

Thieves send authentic-looking e-mail with real organizations' logos, such as Citibank, eBay, or MSN. If you take the bait by clicking or replying to the message, you could lose your money or even be a victim of identity theft!

While early phishing messages were sent indiscriminately in the hope of finding a customer of a given bank or service, recent research shows that phishers may be able to establish what bank a potential victim has a relationship with, and then send an appropriate spoofed e-mail to the victim. Such targeted versions of phishing, when messages contain infromation specific about an orgnaization such as Wayne State University, are called spear phishing.

The C&IT Help Desk is getting many reports about spear phishing from WSU students, faculty, and staff. The e-mail message looks like it comes from "Wayne Webmail support," "Webmail Administrator," "Wayne messaging center," or "THE WAYNE DESK," among other spoofs.The message asks the recipient to forward his or her e-mail password and other personal information.

If the sender of these messages receives the information they need from you, it is possible they can gain access to the organization's entire computer network. Scammers can install malware (malicious software) or spyware, onto your computer after a link is clicked within the message. The spyware can record keystrokes for the scammer so they can obtain passwords to sensitive material or accounts.

What to do if you receive a phishing e-mail:

• Never reply to an e-mail message requesting a password, user name, account number, or personal/financial information — no matter how legitimate the message may seem or who appears to have sent it. Be assured that WSU will never ask you to e-mail your computer account password or other personal information.
• Delete the message. Viewing it typically does not harm your computer; the damage comes from replying and providing a stranger with your personal information.
• Report suspicious e-mails or ask questions about the legitimacy of any e-mail message to the C&IT Information Security Team by copying the suspected e-mail into this form: calltracker.wayne.edu/phishreport/
• If you did reply to the phishing message,call the C&IT Help Desk at (313) 577-4778, Monday through Friday, from 8 a.m. to 8 p.m. or send an e-mail to helpdesk@wayne.edu.

Don't forget to trust your instincts. If an e-mail message looks suspicious, that probably means it is.

What to look out for

• Field Guide to Phishing (from MailFrontier, Inc.) – Clear, concise explanations, and visual presentations of sneaky, dangerous phish that may find their way to your computer, along with some suggestions on how you can protect yourself.
• Recognize phishing scams and fraudulent e-mails (from Microsoft Corp.) – A picture of what a phishing scam looks like and how to tell if an e-mail message is fraudulent.
• Spear phishing: Highly targeted scams (from Microsoft Corp.) – A description of a spear phishing scam and tips to help you avoid them.
• Protect yourself from fraudulent e-mails (from PayPal) – Guidelines and examples of fraudulent (spoof) e-mail.

Ways to protect yourself

• Consumer Advice: How to avoid phishing scams (from Anti-Phishing Working Group) – Recommendations to use to avoid becoming a victim of a phishing scam.
• How to handle a suspicious e-mail (from Microsoft) – Guidelines to help protect yourself from phishing scams sent through e-mail.

Test your phishing skills

• Phishing IQ test (developed by MailFrontier for MSN) – Phishing IQ Test helps people learn to identify online phishing fraud.

How to report suspicious e-mail messages

• Use the WSU Phishing Report form to report phishing, or other suspicious e-mails, that request personal or protected information. Taking steps to limit these messages, sooner than later, will aid in reducing the harmful effects these messages have on our campus network.

What to do if you've been scammed

• C&IT Websites where you can get help analyzing a potential problem and removing any malware that may have been put on your computer
• Self-service – Virus and malware removal
• WSU departments – contact your local support person.
• For home computers – contact the C&IT PC Clinic.

Phishing archive

• Archive of phishing and identity theft e-mail scams (from millersmiles.co.uk) – Website where you can look for specific information on e-mail scams and phishing.

More Help

• Practice safe computing: use e-mail responsibly – C&IT Web page that points out e-mail pitfalls and shows you how to minimize or avoid them by using e-mail responsibly.
• C&IT safe computing principles – A group of C&IT Web pages that identify ways you can stay safe online and explain the most common challenges associated with computer security.
• Computer security awareness video contest winners - These winning videos were submitted by college students for Video Contests sponsored by the EDUCAUSE/Internet2 Computer and Network Security Task Force and the National Cyber Security Alliance.
• Con Artists Attack Colleges With Fake Help-Desk E-Mail – A phishing article from the April 18, 2008 issue of The Chronicle of Higher Education.

• WSU Home
• Faculty and Staff
• Academics and Libraries
• Research
• Apply to Wayne State
• WSU Directories

• Future Students
• Current Students
• Schools and Colleges
• Campus and Community
• Athletics
• About Wayne State

Computing & Information Technology (C&IT)
Last modified on August 8, 2008
WSU Acceptable Use Policy
Contact the Webmaster