What is a Phishing?

Phishing (pronounced "fishing") is a type of online identity theft. It is an attempt to acquire sensitive information. Here at the university they are usually attempting to get your Ball State username and password. There are many variations to a phishing email, but the most common technique is asking you to provide sensitive information (username/password) by either replying to the message or clicking on a link and entering the information on a Web page. Review an example of a phishing email.

What should I do when I receive an email from the Helpdesk, Webmail, IT, Internet Support Team, Security and E-mail asking me to validate my username and password so I don't lose access to my Webmail or any other technology resources?

Delete the email. Regardless of the SUBJECT or the message in your email no one at the university is going to request you to validate your username and password. No one is going to ask you to enter your credentials so you don't lose your email account or content. There is NO security incident taking place that requires you to validate your account.

REMEMBER: THERE IS NO LEGITIMATE REASON FOR ANYONE AT THE UNIVERSITY TO REQUEST YOUR USERNAME AND PASSWORD! DELETE THE REQUEST.

How do I know if a message is a phishing scam?

Phishing messages often:
a. Instruct you to supply your account information, including your username/password, by email or by clicking on a link in the message and then entering the information via the Web. This is never a legitimate request.
b. Have a "From:" line that sounds (and sometimes is) legitimate, but the message itself is vague.
c. Contains a threat for not supplying the information, such as having your account deleted.
d. Having spelling and grammatical errors. Legitimate messages aren't always perfect, but with careful reading many scam messages become obvious.
e. Use a generic salutation rather than using your personal name.

What to do if you think you may have responded to a phishing email.

Chances are if you have responded to phishing email you have compromised your Ball State account and will no longer be able to use your Ball State e-mail account. Contact the Technology HelpDesk. They are located in the Bracken Library (BL), room 101. You can reach them by phone at 765-285-1517 or by visiting their web site at www.bsu.edu/helpdesk.

What risks are involved?
If you reply to a phishing scam with your username and password you have provided the scammer access to all your Ball State accounts. In addition your email will be used to send thousands of spam email to others on and off campus.

What should I do to prevent my Ball State username/password from being compromised?

a. Be suspicious of messages requesting personal or account information.
b. Be suspicious of messages threatening to suspend, terminate or close your email account if you don't respond with the information requested.
c. Do NOT respond to phishing scams at all.
d. Do NOT click on links in a message.
e. Do NOT click on links in a message.