Phishing is a process used to acquire sensitive information such as usernames, passwords, Social Security numbers, credit card information, and bank account information. The most common method uses e-mail appearing to be from a legitimate company. 

Most of the time, the e-mail will include a link for you to verify information, when in reality, the link takes you to a malicious website. Although the Web site might look like the “real thing,” the purpose is to coax you into entering personal information. Once you have, the information is used to steal your identity.

Notice in the example below, the e-mail looks legitimate. However, the Web link is not a Ball State site. If you mouse over the link below (without actually clicking the link) you will see it directs you to google.com, definitley not where you expected to go.

If you receive an e-mail asking for your personal information, do not respond and delete it immediately. If you are not sure whether an e-mail is legitimate, forward it to abuse@bsu.edu.

Phishing Example

To: jdoe@bsu.edu
From: BSUfreecredit@bsu.edu
Subject: Free Report Protection

Dear Ball State student,

We have received a notificiation that your personal information has been compromised as a result of a security breach. In an effort to protect your sensitive information, Ball State University is providing a free credit reporting services, at no cost to you.

Please click on the link below to activate this free services. You will be asked to provide your name, BSU ID number, and Social Security Number during the activation process. We encourage you to take advantage of this services to protect against fraud.

http://www.bsu.edu/accountservices

Sincerely,
Ball State University

 

Now let's see if you can identify scams.  First look at this example.  Identify all the signs of a phishing scam. Then look at the results we identified.  How did you do?