Avoid Phishing Scams
A phishing scam is an email fraud in which the perpetrator sends legitimate-looking emails that appear to come from a well-known and trustworthy website in an attempt to gather personal and financial information from a recipient. There are two types of phishing scams. The first type of scam asks you to respond to an email with your account password or Social Security number in order to prevent immediate closure of your bank account, email account, or other service. If you receive a message that asks you to send in your WPU password, it is a fraudulent email. The second type of scam asks you to click on a link to a fake site and log in with your password to verify your account. Be advised that IT Services will never request your password, nor will we ask you to change or "validate" your password at a site other than www.wpunj.edu. If you receive a message that asks for your WPU password, it is a fraudulent email. Once you've responded to either of these types of scams, you've placed your personal information in the hands of scammers who can misuse it.
Here are a few simple guidelines to avoid falling for phishing scams. See our Identify Phishing Scams page for a step-by-step guide on how to identify phishing emails, and our Phishing Examples page for real-life phishing examples.
- Be suspicious of any email with urgent requests for personal information
Phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately. They typically ask for information such as usernames, passwords, credit card numbers, Social Security numbers, dates of birth, etc. Phishing emails CAN be personalized, although they are typically not. Valid messages from your bank or e-commerce company generally are personalized. If you receive a suspicious email, verify it by calling the person or organization in the "From" field before you respond or open any attached files.
- Do not click links in email messages if you suspect the message might not be authentic or if you don't know the sender.
Always verify the real target address of a link by hovering the mouse over the link before clicking it, or type the address into your browser window yourself.
- Never share your password or personal or financial information over email.
You should only communicate information such as credit card numbers or account information via a secure website or the telephone. Email is not a secure way to send sensitive information. Never email your password or personal or financial information. Likewise, because there is no way to check the security certificate of pop-up windows, do not enter sensitive information in them, even if they look official or claim to be secure. Close pop-up windows by clicking the red X in the top right corner (a "Cancel" button may not work as you'd expect).
- Don't trust offers that seem too good to be true.
What seems too good to be true probably is. If you don't remember a relative, you probably don't stand to inherit millions of dollars from him or her. If you don't remember entering a lottery, you probably haven't won anything. Exercise common sense before responding.
Email Attachments and Viruses
One of the most common means by which computer viruses and worms spread is through email attachments. When opened, these attachments can give hackers complete control of your machine, or initiate an attack on another machine, or start sending out copies of themselves to email addresses they find on your hard drive - or all of the above. Malevolent software of this type has crippled personal machines, email servers, and networks at the University and everywhere on the Internet multiple times - and will again.
Here are a few simple guidelines to ward off malicious attachments:
- Don't open unexpected attachments.
No kidding -- if you don't open an attachment, it can't infect you (unless it's found a security hole in your email client). Many people fall into the habit of opening attachments without thinking about it. Don't do this; you should always think about whether you want to open the attachment first. Assume an attachment is hostile until proven otherwise. If you do know the person in question, but weren't expecting them to send you an attachment, contact them and confirm that they sent it before you open it.
- Don't open attachments from strangers.
Ever. If you aren't absolutely certain you know the person who sent you the attachment, don't open it.
- Don't open unusual attachments.
Most of the attachments you receive probably fall into a few recognizable categories -- Word documents, Excel spreadsheets, PowerPoint presentations, and/or Acrobat PDFs, for example. Learn to recognize the icons and filename extensions associated with these files; if you receive an attachment that has an unusual icon, or an unusual extension (especially ones like .pif, .scr, or .exe), don't open it.
- Don't open attachments from strange-looking messages.