ISU Information Security

Phishing – Avoid the net.

Wednesday, July 29, 2009 14:50

Phishing is the act of sending an email that falsely claims to be from a legitimate organization but has the purpose of stealing the target’s personal information.

Phishing emails attempt to steal a victim’s information, usually through links within the email that appear legitimate but redirect the user’s browser to a malicious site. Sometimes, though, malicious code can be embedded in the email itself.

Legitimate organizations do not send warning emails asking for personal information in reply, nor do they link to specific pages asking for “corrected” personal information. If a link in an email goes beyond the base domain (e.g., http://www.example.com/), be very suspicious. Call the organization or visit them in person to find the facts.

One can combat phishing emails similarly to spam:

  • Don’t open unsolicited mail from unknown senders.
  • Don’t respond to the sender.
  • Don’t open links within the email.
  • Don’t open suspicious attachments.
  • Never give out banking, business or personal information via email.
  • Do stay informed. Stay abreast of warnings from email administrators about suspicious emails.
  • Do report a suspected phishing attempt to the helpdesk.