Phishing Email Scams
This article discusses fraudulent email messages.
Release Date: 2/3/2005
OIT has been receiving inquiries regarding fraudulent "phishing" email messages, which are emails that spoof a reputable company, such as Citibank, eBay, and PayPal, in an attempt to defraud the recipient of personal information.
Phishing is an email scam that attempts to defraud people of their personal information including credit card number, bank account information, social security number, and their mother’s maiden name. The term phishing was coined because the fraudsters are “fishing” for personal information.
Fraudulent emails are on the rise as scammers "spam" recipients with email frauds that range from the very simple to the very sophisticated, which can fool even the savvy Internet user. Fraudulent emails harm their victims through loss of funds and identity theft.
All email messages sent to any @ndnu.edu e-mail address are processed by Postini, the leading provider of email security and management solutions that protect email communications by providing complete email intrusion prevention. Periodically you receive email messages from NDNU Network Administrator Robert Agcaoili, with the subject "Notre Dame de Namur University Detected Potential Junk Mail." The body of the message reads:
"Dear username@ndnu.edu,
Notre Dame de Namur University`s junk mail protection service has detected some suspicious email messages since your last visit and directed them to your Notre Dame de Namur University Message Center.
You can inspect your suspicious email at:
http://login.postini.com/exec/login?email=username@ndnu.edu
Suspicious email is kept for 14 days, after which it will be automatically deleted. Please visit your Notre Dame de Namur University Message Center to delete unwanted messages and check for valid email.
For help accessing and configuring your Notre Dame de Namur University Message Center:
http://www.postini.com/services/help.html
Thank You!
Notre Dame de Namur University"
When you click the first link, you can then log-in to Postini, and decide whether you want to retrieve or delete the messages. On this page you can also click the "Junk Email Settings" link, which allows you to set the "spam filter" settings for messages in four categories: Sexually Explicit, Get Rich Quick, Special Offers, and Racially Insensitive. The junk email settings for each of these categories range from "off" (no spam filtering) to "aggressive." If you are receiving unwanted messages directly to you Inbox, try increasing these junk email settings to "aggressive."
OIT blocks phishing senders email addresses when possible, however increasingly, scammers "spoof" an address to convince the recipient that the email originated from the reputable company. In these cases, the “from” email address appears to be from the company by using the company’s domain name (e.g.,@ebay.com, @paypal.com), so OIT cannot block all messages from these domains without blocking reputable messages as well.
You will undoubtedly receive fraudulent messages in the future, as phishing scammers continue to come up with more sophisticated techniques. More of these will be quarantined by Postini if you tighten your junk email settings, but it`s highly likely that some fraudulent messages will still make it to your Inbox. For this reason, please keep in mind the following:
1. Open emails only when you know the sender. Don`t open an attachment or click on a link contained in an email from an unknown party or that contains frequent spelling or grammatical errors..
2. If you receive an unexpected email that sounds too good to be true or that states your account will be shut down unless you confirm your account/billing information, do not reply or click any links in the email body. If you are uncertain about the request for information, contact the company through an address or telephone number you know to be legitimate.
3. If you need to go to their website, enter what you know to be their website address directly into your browsers URL address line; don`t use the link they send you.
4. Regularly check your credit card, checking account, and other bank statements and verify that all of the transactions posted are legitimate.
Here are some excellent articles and resources about phishing:
Anatomy of a Phishing Email
Christine E. Drake, Jonathan J. Oliver, and Eugene J. Koontz
MailFrontier, Inc., 1841 Page Mill Road, Palo Alto, CA 94304, USA
This excellent white paper explores numerous tricks used in phishing emails. (Note that paragraphs two and three in this NDNU OIT article are direct quotes from this MailFrontier paper.)
http://www.ceas.cc/papers-2004/114.pdf
Phishing Schemes Scar Victims
Brian Krebs
Washington Post
This article interviews individuals who have been victim of phishing and identity theft, and references MailFrontier.
http://www.washingtonpost.com/wp-dyn/articles/A59349-2004Nov18.html
About Identity Theft
The Bank of New York
(The "keep in mind" # 1-4 items in this OIT NDNU article are direct quotes from this Web page.) http://www.bankofny.com/htmlpages/mfc_ith_ait.htm
Back to OIT News and Home.
© 2010-2013 Notre Dame de Namur University - 1500 Ralston Avenue, Belmont, CA 94002 - (650) 508-3600 - All rights reserved. Emergency Information | Site Map