Avoid Phishing Scams

Don't Get Hooked by Phishing Scams

What is phishing?

Phishing scams – a technique often used by hackers and identity thieves to compromise accounts and install malware – continue to grow in number and sophistication.

Phishing is a social engineering method in which the phisher uses email or a phone call to lure unsuspecting recipients into giving their personal, financial, or other sensitive information to commit identity theft, gain access to their accounts, or hack their computer.?The email or call normally appears to come from a legitimate person and may even target a specific group (e.g. members of the MSU Denver community), which is known as spear phishing.

Why it's important to avoid phishing scams.

Conmen have been tricking people out of their money for thousands of years, and impersonating someone else is nothing new. E-mail, websites, and chat programs just make it easier to trick people out of their money. Identity theft is the fastest growing crime in America.

Example of an phishing e-mail:

DO NOT RESPOND to these messages!

These messages are fake. They are being sent by hackers trying to trick you into giving them your password so they can take over your e-mail or steal your identity and drain your bank account!

This technique is called "phishing." They are phishing (fishing) for victims. See the example below.

Dear Outlook Account User, This message is from Outlook user care messaging center to all employee and student, to all Outlook account owners. We are currently upgrading our data base servers and e-mail account center. We are deleting all compromised account during the last academic break. You will have to Authenticate your Outlook Account to prevent a permanent closure of this email address/web-mail account. To Authentication CLICK HERE<http://microsoftportalwebaccess.weebly.com/> Successfully authenticated addresses will be automatically notified via inbox. Warning!!! Account owners who do not authenticate their account after receiving this update will have his or her account terminated. We are committed to protecting your privacy. Your sensitive details will not be shared with any third party. MICROSOFT CARE CENTER HELP DESK © 2014 Microsoft Corporation. All rights reserved.

What you can do

ITS has compiled the following tips to help you avoid falling prey to phishers: 

  • Scrutinize all emails before downloading attached files or clicking links. Verify that the email address of the sender is legitimate and someone you know.?
  • Don’t click on unrecognized links. Want to know where a link is actually going? Hover over it with your mouse cursor to reveal the actual web address.
  • Be skeptical of any email with urgent requests for personal financial information. Not sure about a request? Call the company to verify.
  • Be skeptical of messages that have poor spelling or grammar, sloppy formatting, or a generic greeting such as “Dear Customer” rather than your name.
  • Beware of common intimidation tactics such as “Urgent action required!” or “Your account has been compromised!” Call the company to verify if you’re concerned.
  • Don’t download “free” software onto your PC, always follow MSU Denver’s security policies! The Information Security Policies are available on the MSU Denver Policy webpage.

There are thousands of different scam techniques. You should always be on your guard and you MUST always be very protective of your confidential information.

Online conmen use e-mail, websites, and chat programs to trick people into providing them with private and confidential information (such as credit card information, date of birth, etc.). They can use this information to make unauthorized charges to your credit cards, or use your identity to take out loans in your name. Such "phishing" scams often come as an official looking e-mail that appears to have come from your bank, credit card company, online storefronts like Amazon or eBay, online payment systems like PayPal, etc. The e-mail usually says there is something wrong with your account or that they need to verify your information. These messages have been forged and are fraudulent. These organizations will never contact you by e-mail to verify your information, or to inform you of a problem with your account. You should just delete these messages; never reply to them and never follow their instructions. If you need to contact your bank or credit card company, call the phone number that is printed on your monthly statement. If you need to contact an online storefront or other online service, don't use any phone numbers or links provided from the malicious e-mail; visit their website, either with the direct address or via a web search, and use the contact information provided there.

If you receive a malicious or suspicious email to your MSU Denver email account, please report it using Microsoft's internal reporting tools. The exact method will vary depending on how you access your email:

  • Outlook Web App (email.msudenver.edu):
    1. Right-click the offending email
    2. Select “Report”
    3. Select “Report phishing” or “Report junk” as appropriate
  • Outlook Mobile App
    1. Highlight the offending email
    2. Tap the three dots in the upper-right
    3. Select “Report Junk”
    4. Select “Phishing”
  • Outlook Desktop App
    1. Open the offending email
    2. Click the Report Message button in the top ribbon

Also see

Details

Article ID: 121152
Created
Wed 11/25/20 2:26 PM
Modified
Wed 10/18/23 3:59 PM