‘Phishing’ – don’t take the bait

Beth McHenry

Computer Services director Dana Rose-Schmalz was recently alerted to a wave of scam e-mailing known as “phishing.” Phishing is a system of identity theft that uses fake e-mails that appear to be from legitimate companies to solicit credit card numbers, social security numbers, PINs, and other personal information.
Students and faculty from Lawrence and other universities have already been fooled by phishing, and Rose-Schmalz hopes to alert the Lawrence community to the new scam.
E-mails used in phishing look very authentic. The “From” field in the e-mail appears to be from a known company, such as PayPal or Citibank. The e-mail, complete with official-looking company logos, informs the recipient that they must update personal information at the company website. The website link, although labeled correctly – for example, as www.paypal.com – does not lead to a legitimate website but to a fraudulent one, where recipients can enter their personal information.
The most important thing to remember about phishing is that it is usually not obvious that the e-mail is a fraud. According to Rose-Schmalz, it is very easy to change “From” information in any e-mail client. A phishing e-mail also contains a clickable link and text that appears to support the e-mail’s claims. And scam artists usually take logos or images directly from the real company’s website.
Rose-Schmalz has identified several quick ways to check suspicious e-mails: position the mouse over links to see the real website address in the bottom left corner of the screen, and check for spelling errors in logos, percentage signs followed by numbers or @ symbols in links, random names or e-mail addresses within the body of the e-mail, and inconsistent e-mail headers. Also look for language that seems inconsistent with the sender.
To be safe, it is best not to respond at all to e-mails from companies soliciting information. Rose-Schmalz and other university Computer Services directors suggest deleting any e-mail from a firm asking for private information, no matter how official the e-mail looks.