Beware of Attempts to Collect Your Personal Information

What is Phishing?

Phishing is an attempt, using fraudulent e-mail or pop-ups, to get you to divulge sensitive financial information such as credit card numbers, account numbers, usernames, passwords, or social security numbers.  Phishing differs from virus or worm attacks in that the e-mail or pop-up itself is innocuous, and cannot grab your personal information from your system without your knowing it.  Instead, phishing relies on old-fashioned con artist tricks to get you to give up the information voluntarily.  This information is used to steal your identity and run up bills in your name.  Phishing is on the rise, with over 1,100 active phishing sites reported in October 2004.  Some estimates put the economic damages of phishing at over $32 billion in 2003.

How does it work?

Generally, the e-mail or pop-up will be cleverly crafted to look like it came from a bank, financial institution, or other online company that you trust, such as PayPal or eBay.  It will ask you to verify account information within the body of the e-mail (threatening dire consequences if you don’t), or direct you to a website that fakes the look of the company’s website.  Often these fakes are very good (see example).  Any information you enter will be sent to the perpetrators of the fraud.

How do I protect myself?

The best protection against phishing scams is to be cautious in how you share sensitive financial or personal information. Be skeptical of any e-mail or website that asks for personal information.  Legitimate businesses are very aware of phishing, and do not send e-mails requesting sensitive information. Do not reply to the e-mail, or follow any of the links. If you think the request might be genuine, confirm it either by calling the company directly at a number you know, or by going directly to the company’s website by typing a known address in the browser window.  When evaluating an e-mail message requesting personal information, try to imagine it as an unsolicited telephone call.  If you wouldn’t give that information over the telephone to an unknown caller, don’t give it out in response to an unsolicited e-mail.

What does Babson do to prevent phishing?

You are most likely familiar with the steps ITSD takes to protect the Babson community from technology attacks, by providing anti-virus software and distributing security patches.  Unfortunately, although phishing attacks are distributed via technology, the attacks themselves are not really technology attacks, and thus there is no software that can fully protect you.  Our Postini anti-spam filter blocks many phishing e-mails, and pop-up blockers can limit the number of pop-ups you get, but no technology can prevent you from falling for the con.

What should I do if I’ve given out information to phishers?

What you do will depend on what type of information you have given out.  The Anti-Phishing Working Group has excellent information relating to many different types of attacks on its Consumer Advice web page, at http://www.antiphishing.org/consumer_recs2.htm.

How can I learn more?

There are a number of sites on the web that provide information about phishing. Some of the better ones include: