Information Technology, College of Charleston
 

Phishing: Don't Take the Bait!

What is Phishing?

According to the Federal Trade Commission (FTC), the nation's consumer protection agency, phishers send an email or pop-up message that claims to be from a business or organization that you may deal with — for example, an Internet service provider (ISP), bank, online payment service, college or university, or even a government agency. The message may ask you to "update," "validate," or "confirm" your account information. Some phishing emails threaten a dire consequence if you don't respond. The messages may request you to respond by e-mail or direct you to a website that looks just like a legitimate organization's site. But it isn't. It's a bogus site whose sole purpose is to trick you into divulging your personal information so the operators can steal your identity, run up bills, send spam, or commit crimes in your name.

College of Charleston students, faculty, and staff are frequently the target of these attempts to trick users into providing their login, password, ID number, PIN, or other information. Once the phisher has that information, they can access a user's e-mail and/or user account and use it to send spam, launch phishing attacks against other networks, or proceed to steal that person's identity.

What does Phishing Look Like?

Phishers often use e-mail as their preferred method of attack. The e-mail will appear to have been sent from an authoritative source using a name like Helpdesk, Webmail Help Desk, Webmail Team, Webmaster, or CofC Webmaster. The trick to identifying phishing is not just in the sender's name or e-mail address, but in what the e-mail asks you to do. The e-mail will typically request that you send your username and/or password to the requestor, either by replying to the e-mail or by visiting a website link included in the e-mail. If you see any request for a username or password in an e-mail, it is phishing. No department or unit at the College of Charleston will ever request your username and/or password by e-mail or phone.

Example of a Phishing E-mail

[Image: example of a phishing e-mail]

Aside from the obvious spelling errors and poor formatting, this e-mail meets the criteria outlined for phishing.

  1. "Some phishing emails threaten a dire consequence if you don't respond." According to this example, you won't be able to send e-mail unless you respond.
  2. "The message may ask you to 'update,' 'validate,' or 'confirm' your account information." This example requests that USER NAME and PASSWORD be sent to "rectify" the problem.

If you get a message like the example above, please do not respond. No department or unit at the College of Charleston will ever request your username and/or password by e-mail or phone.

Another Example of a Phishing E-mail

[Image: another example of a phishing e-mail]

This phishing example really goes out of its way to sound official while making threats if you do not respond. These are the tactics of a phisher. Never respond to these types of requests or threats. If you receive an e-mail and cannot tell whether it is phishing, call the Helpdesk at (843) 953-3375 and ask. Whatever you do, never respond to the e-mail.

Last modified: August 18, 2009 02:00 pm