
Phishing - Nothing To Do With Fish
This important informational update is to forewarn everyone of new computer-based identity theft tactics. The latest, very common and one of the most effective means of stealing one's identity is phishing (pronounced "fishing"), another form of spam. This new spam is very serious, so I will lead off with a quote from a recent article:
“If you screw this up, it will mean you lose dollars. That's right, your own personal money. Your privacy will be invaded and your identity might be compromised. Do I have your attention now? This is not an attack from John Ashcroft or some federal agency applying some obscure interpretation of the Patriot Act. This is coming from real bad guys who want to steal from you.”
Phishing is spam sent out as thousands of bogus e-mails. These e-mails attempt to entice you into visiting a website and providing personal financial information to people who shouldn't have it. The mail is professional looking and disguised to look like it's coming from a legitimate business. In the past week, our own VP of Administrative Services received one such message, allegedly from US Bank, and she immediately notified the Information Systems department. When we checked the official US Bank web-site, it had a prominent alert posted that the company's name was being used in phishing scams. The US Bank warning reads:
This email claims that the user needs to update their information in case they forget their Internet Banking password. If the user is ever locked out of the system, or forgets their password, they can regain access by verifying their identity from information they are now asked to provide. The email contains a link for the user to verify their personal information.
This link opens a fake (ghost) US Bank web site where the user must select their account type. They are then presented with a form asking for personal and account information. When the user submits the form, this information is emailed to the fraudsters while the user is redirected to the genuine US Bank web site. The user is unaware they have just sent their details to the fraudsters. This allows the fraudsters to hijack the user's bank account.
These e-mails are carefully crafted with HTML, and utilize graphics from legitimate companies. There are weblinks in the e-mails that look legitimate, and they appear to point to a special website run by that business. The mails even include disclaimers and legal notices at the bottom, often with working links to the real company's website.
The pitch is usually subtle but appears to be serious. A typical phishing scam will state that you need to update information about your account. It may state that your account has been inactive for some time or that your account may have been compromised. You're then directed to click a legitimate-looking URL in the mail, which takes you to a professional-looking site with the company's logos and a web form. You're asked to "update" your account information, including logins and passwords, account numbers or credit card information. The problem is, none of this information is going to the company; it goes to the bad guys' database.
The main clue that these are bogus is that they are addressed anonymously, usually to "valued customer" or "account holder." Rarely will companies send e-mail asking you to provide information in this fashion. A quick way to check is to open a browser and manually type in the URL of the company's site and look for warnings about such messages. In the US Bank case they clearly announced a warning on their web-site that their firm was being used in phishing scams.
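For anyone who filters or triages mail, the clues described above can be checked automatically. The following is an added example, not part of the original article: a small Python check that flags the anonymous greetings, the "update your account" wording, and links whose visible address differs from where they really go. The phrase lists, function names and the sample message (with placeholder domains bank.example and login.example.net) are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Greetings the article names as the main clue, plus "update/verify" wording.
GENERIC_GREETINGS = ("valued customer", "account holder")
UPDATE_PHRASES = ("update your account", "update your information", "verify your")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs and the plain text of an HTML mail."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._buf = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

def bare_host(host):
    """Lower-case a host name and drop a leading 'www.' before comparing."""
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

def phishing_clues(html_body):
    """Return a list of warning strings for one HTML mail body."""
    p = LinkCollector()
    p.feed(html_body)
    body = " ".join(" ".join(p.text).lower().split())
    clues = [f"generic greeting: {g!r}" for g in GENERIC_GREETINGS if g in body]
    clues += [f"asks to update/verify: {u!r}" for u in UPDATE_PHRASES if u in body]
    for href, shown in p.links:  # flag links whose text names another site
        host = bare_host(urlparse(href).hostname or "")
        m = DOMAIN_RE.search(shown)
        shown_host = bare_host(m.group(0)) if m else ""
        if host and shown_host and host != shown_host \
                and not host.endswith("." + shown_host):
            clues.append(f"link shows {shown_host} but goes to {host}")
    return clues

# Constructed sample mail; both domains are placeholders.
SAMPLE = """<p>Dear Valued Customer,</p><p>Please update your information at
<a href="http://login.example.net/form">www.bank.example</a>.</p>
<p><a href="https://www.bank.example/legal">Legal notice</a></p>"""
print("\n".join(phishing_clues(SAMPLE)))
```

The working "Legal notice" link to the real site is not flagged, which matches the point above that these mails often mix genuine links with the bogus one.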
Don’t Be Duped
Phishing scams are on the rise and have been reported to be nearly 5% effective in convincing individuals to complete the form with the private and financial information the scammers are seeking. Some companies being spoofed in these scams are AOL, credit card companies, banks, eBay/PayPal, etc., and the list is growing.
Use Common Sense and Follow These Simple Steps:
1. If you receive a message like this, never fill out the requested information.
2. Call the company if you have ANY questions.
3. Visit the company's legitimate web-site to see if there are any warnings about their site being used in phishing scams.
4. In some instances you can report the scam to the company (some companies provide a web page on their site just for this purpose).
5. Delete the email.
6. Pass this information on to friends and relatives so they are informed.
Note: There is no need to report these messages to the Information Systems department, as there is nothing further we can do. We have anti-spam measures in effect; however, with the millions of spam messages being sent, some will slip through and get into your inbox.