
Phishing

phishing, n.

Fraud perpetrated on the Internet; spec. the impersonation of reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers, online.

phish, v.

intr. To perpetrate a fraud on the Internet in order to glean personal information from individuals, esp. by impersonating a reputable company; to engage in online fraud by deceptively ‘angling’ for personal information.

trans. To trick (a person) into revealing personal information on the Internet; to perpetrate online fraud by impersonating (a company). Also: to obtain (information) through online fraud.

 

Message from CIO

Wednesday, February 29, 2012 8:29 AM

Faculty & Staff,

At the urging of the Executive Vice Presidents (EVPs) and with the concurrence of the Faculty Education Technology Committee (FETC) of the Faculty Senate, every College employee is required to take a Phishing Quiz as a constructive learning experience. Their goal is to reduce the incidence of College-wide disruptions of email services as occurs whenever an employee is duped into responding inappropriately to a phishing message. There have been approximately 44 such incidents at the College in the past 22 months: more than half of these have been by employees. And, phishing solicitations are becoming increasingly sophisticated and deceptive, so we each need to improve our phish-spotting skills.

The phishing quiz is comprised of 10 samples, randomized in sequence, of both actual phishing messages received here at the College and also messages that may have some appearance of phishing but are not. Each question will offer you a sample and you are asked what to do with it: delete it as phishing, or treat it as legitimate. While some of the examples used in the quiz may seem like obvious phishing, they are based on real examples that have previously duped employees at the College. It should take you approximately 10 minutes to complete the quiz; you must complete the quiz in a single session. EVPs will receive a report listing those employees who use email but did not complete the quiz.

To access the phishing quiz, please visit https://phishingquiz.it.cofc.edu.  Login with your Cougars login and password.  If you start the quiz, but do not complete it, you will need to contact Helpdesk at helpdesk@cofc.edu or call 953-3375 to request that your quiz be reset. You are asked to complete the quiz by Friday, March 16.

The IT web page at http://it.cofc.edu/security/phishing/ provides very helpful information about phishing, as well as samples of phishing.  You may find it helpful to visit this resource before taking the quiz.  The fun phishing posters can be found at http://it.cofc.edu/security/phishing/posters.php.

Thank you for doing your part as a College community member to address this malware challenge, the consequences of which have repeatedly affected each of us.

Sent by Bob Cape on behalf of EVPs and FETC

Dr. Bob Cape
Sr. Vice President / CIO
College of Charleston

What is phishing?

Phishers send email as their preferred method of attack. The email will appear to be from an authoritative source, e.g. PayPal, eBay, Helpdesk, Webmail Team, Webmaster, or System Administrator. The message may include a warning about your account status and ask you to reply, update, validate, or confirm your account information. Some phishing emails threaten a dire consequence if you don't respond. The trick to identifying phishing is not just in the sender's name or email address, but in what the email asks you to do. If you receive any unsolicited request for a username, password or other personal information in an email, it is phishing. Please delete the message. No department or authority at the College of Charleston will ever request your username or password by email or phone.

What are the risks of phishing?

College of Charleston email users are frequent targets of phishing attacks. Unfortunately some community members respond to these fraudulent emails. Once a phisher has your login information, they can access your email and use it to send spam, launch more phishing attacks, or take steps to steal your identity. Any information in your mailbox is put at risk of exposure.  Responding to phishing also impacts the College's ability to send email.  Once a phisher accesses a compromised account, they begin using it to send more spam and phishing attacks.  For example, a recently compromised account sent out approximately 200,000 email messages.  When internet service providers and email hosts see this activity coming from the College of Charleston, they automatically block all email from the cofc.edu address in order to protect their users.  The process to have email from cofc.edu welcomed again with these providers can take 24-48 hours or longer.

What does Phishing Look Like?

The following are examples of phishing. Some key phrases to watch for include, but are not limited to:

  • accounts are LOCKED. please download the file attached to this e-mail and follow the steps to re-activate it.
  • Your mailbox is over its size limit. You may not be able to send or receive new mail until you re-validate your mailbox.
  • Lastly i want you to also reply me with some vital information of yours such as:
  • Because of possible unauthorized access, we have temporarily deactivated your account. To remove the suspension, please confirm that your card was not stolen. To do this, please download and complete the attached html form.
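The rule stated under "What is phishing?" (judge a message by what it asks you to do, not by who it claims to be from) and the key phrases listed above can be turned into a simple triage check. This is an added example, not a College of Charleston tool; the regular expressions, the `classify` function and the sample messages are constructed assumptions for illustration.

```python
import re
from email import message_from_string, policy

# Indicator groups taken from the page's guidance; the regexes are illustrative assumptions.
INDICATORS = {
    "asks_for_credentials": re.compile(
        r"\b(user\s?name|password|credit card number|vital information)\b", re.I),
    "asks_to_act": re.compile(
        r"\b(reply|confirm|update|re-?validate|validate|re-?activate|download)\b", re.I),
    "account_threat": re.compile(
        r"\b(locked|deactivated|suspen\w+|over its size limit|unauthorized access)\b", re.I),
    "attached_form": re.compile(
        r"\battached\b.*\b(html|form|file)\b|\b(file|form) attached\b", re.I | re.S),
}

def classify(raw):
    """Return (verdict, matched indicator names) for one raw e-mail message."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    # The From header is deliberately ignored: a trusted-looking sender name
    # proves nothing, so only the subject and body are examined.
    text = f"{msg.get('Subject', '')}\n{body}"
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(text))
    # Rule 1: any request to send back a username, password or similar.
    wants_secret = "asks_for_credentials" in hits and "asks_to_act" in hits
    # Rule 2: a threat to the account paired with an action or an attached form.
    scare_lure = "account_threat" in hits and (
        "attached_form" in hits or "asks_to_act" in hits)
    return ("phishing" if wants_secret or scare_lure else "legitimate"), hits

# Constructed sample messages (not real mail), built around the phrases listed above.
SAMPLES = [
    "From: Webmail Team <webmail@example.org>\nSubject: Mailbox quota\n\n"
    "Your mailbox is over its size limit. You may not be able to send or receive "
    "new mail until you re-validate your mailbox. Reply with your username and password.",
    "From: Account Services <service@example.org>\nSubject: Account notice\n\n"
    "Because of possible unauthorized access, we have temporarily deactivated your "
    "account. To remove the suspension, please download and complete the attached html form.",
    "From: Helpdesk <helpdesk@example.org>\nSubject: Scheduled maintenance Saturday\n\n"
    "Email will be unavailable Saturday from 2 to 4 AM for scheduled maintenance. "
    "No action is required.",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw))
```

The third sample also claims to come from Helpdesk but asks for nothing, so it is treated as legitimate; phrase matching of this kind only catches wording it already knows about.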

Example 1 of a Phishing Email

[image: example of a phishing e-mail]

Example 2 of a Phishing Email

[image: example of a phishing e-mail]

Example 3 of a Phishing Email

[image: example of a phishing e-mail]

Example 4 of a Phishing Email

[image: example of a phishing e-mail]

Example 5 of a Phishing Email

[image: example of a phishing e-mail]

If you get a message like any of the examples above, please do not respond. No department or authority at the College of Charleston will ever request your username and/or password by email or phone.
