College Home / Information Technology / Information Security / Phishing

Phishing

phishing, n.

Fraud perpetrated on the Internet; spec. the impersonation of reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers, online.

phish, v.

intr. To perpetrate a fraud on the Internet in order to glean personal information from individuals, esp. by impersonating a reputable company; to engage in online fraud by deceptively ‘angling’ for personal information.

trans. To trick (a person) into revealing personal information on the Internet; to perpetrate online fraud by impersonating (a company). Also: to obtain (information) though online fraud.

What is phishing?

Phishers send email as their preferred method of attack. The email will appear to be from an authoritative source, e.g. PayPal, eBay, Helpdesk, Webmail Team, Webmaster, or System Administrator. The message may include a warning about your account status and ask you to reply, update, validate, or confirm your account information. Some phishing emails threaten a dire consequence if you don't respond. The trick to identifying phishing is not just in the sender's name or email address, but in what the email asks you to do. If you recieve any unsolicited request for username, password or other personal information in an email, you have phishing. Please delete the message. No department or authority at the College of Charleston will ever request your username or password by email or phone.

What are the risks of phishing?

College of Charleston email users are frequent targets of phishing attacks. Unfortunately some community members respond to these fraudulent emails. Once a phisher has your login information, they can access your email and use it to send spam, launch more phishing attacks, or take steps to steal your identity. Any information in your mailbox is put at risk of exposure. Responding to phishing also impacts the College's ability to send email. Once a phisher accesses a compromised account, they begin using it to send more spam and phishing attacks. For example, a recently compromised account sent out approximately 200,000 email messages. When internet service providers and email hosts see this activity coming from the College of Charleston, they automatically block all email from the cofc.edu address in order to protect their users. The process to have email from cofc.edu welcomed again with these providers can take 24-48 hours or longer.

What does Phishing Look Like?

The following are examples of phishing. Some key phrases to watch for include, but are not limited to:

accounts are LOCKED. please download the file attached to this e-mail and follow the steps to re-activate it.
Your mailbox is over its size limit. You may not be able to send or receive new mail until you re-validate your mailbox.
Lastly i want you to also reply me with some vital information of yours such as:
Because of possible unauthorized access, we have temporarily deactivated your account. To remove the suspension, please confirm that your card was not stolen. To do this, please download and complete the attached html form.

Example 1 of a Phishing E-mail

example of a phishing e-mail

Example 2 of a Phishing E-mail

example of a phishing e-mail

Example 3 of a Phishing E-mail

Phishing Example

Example 4 of a Phishing E-mail

Phishing Example

If you get a message like any the examples above, please do not respond. No department or authority at the College of Charleston will ever request your username and or password by email or phone.