University of Central Florida

Information Security
 
Quick Links
Home
IT Security Policy
IT Resource Policy
Security Tips for everyone
Security Tips for IT
Rules of the Road
Server Security Standards
Computer Security Standards
Legal Matters
 
Network Operations Center
ResNet
Service Desk

 
Security Sites
CERT
CIS
INCIDENTS
LINUX SECURITY
DHS
SANS
SARC
SECURITY FOCUS
US-CERT
 

 

 

Beware of Phishing!

Phishing is the act of sending an e-mail to a user falsely claiming to be a legitimate enterprise in an attempt to scam the user into surrendering private information such as a bank account or social security number, passwords, or other information that can be used to commit identity theft. Phishing messages are formatted to appear as official communications from banks, financial institutions, eBay, and a host of other legitimate businesses, including UCF.

Phishing messages typically contain a claim that for one reason or another the recipient must re-enter or update their information. A bogus web link is provided, and the user is asked to click on the link in order to re-enter their personal information. If you enter this information the phishers will have access to illegally use your account.

Legitimate businesses do not solicit users' account information through e-mail. Should you receive a phishing e-mail message, delete it immediately. Do not click on a link contained in the message. If you have a question about your account, call the business or financial institution on the telephone.

How can you prevent being a victim of phishing?

Here are three ways to protect yourself against phishing:

  • If an e-mail requests that you click on a link and provide personal information, do not click on it. A bogus web address may be buried in the code. This link could take you to a fraudulent web site created to collect your personal information. Instead, try manually typing the desired address into your web browser to be on the safe side.
  • For preventive reasons, most legitimate institutions do not use e-mail links to their web site when requesting updates to personal information. Most businesses will have you go to their site on your own. If an e-mail does ask for a personal information update, try getting to that web page through the institution's Web site. This way, you know the page is legitimate.
  • Be cautious of any e-mail asking for personal information. Some institutions are frequently used in phishing attacks. Check out the institution's web site for more information on phishing attacks. It is common for an institution to post phishing information if they've been used in attacks. In general, if you have any doubts whatsoever, contact the institution directly.

If you have any questions regarding phishing, contact the Security Incident Response Team at sirt@mail.ucf.edu
 

If you believe you have inadvertently submitted information to a phishing site, please contact the UCF police department, the Security Incident Response Team (sirt@mail.ucf.edu) and refer to the Federal Trade Commission identity theft Web site: http://www.consumer.gov/idtheft/

All contents are copyrighted
Maintained by the Information Security Office
Computer Services & Telecommunications