A new online scam used to obtain Internet users’ personal information called “phishing” gains their trust through e-mail messages that look like legitimate business correspondence. After a person opens the e-mail, it directs them to fraudulent Web sites which request that they update their information.
Timothy C. O’Rourke, vice president of Computer and Information Services, said that this is not a new scheme, but that it is harmful and students need to become aware of it. The scam is “becoming more sophisticated” and one of the most vulnerable groups of victims is students, he added.
“Phishers use stolen logos and mimicked patterns of banks, credit card companies and brokerage firms to make their messages appear legitimate,” the CIS Web site states. Recent scams have included e-mails from Citibank, Washington Mutual, Mellon and other business like PayPal or eBay.
The scammers are “not after your account but your personal information, including social security and credit card numbers,” O’Rourke said. “Once they have this information, they use it to steal your identity or make a purchase with your credit card.”
He added that students need “to understand that there are bad people out there using the Internet, and they look for defenseless victims such as students to catch in their schemes.”
An IBM survey reported that phishing incidents have grown 5,000 percent in 2004 from the previous year.
O’Rourke said that no one has yet reported being a victim at Temple.
“Many students have claimed to have seen the e-mails, which makes it possible that there have been some victims, but up to now there has been no official report,” O’Rourke said.
In order to protect its students, CIS said in a letter sent via e-mail addressing all students that they are taking necessary steps including “implementing a network security policy [and] installing a state of the art firewall and enterprise edition anti-virus.”
Seth A. Shestack, head of security at CIS said that they also have spam blockers, but because the system is not fool proof scammers can eventually get around them. Shestack recommends students become well informed of the dangers online and protect themselves.
One of the ways students can do this is by visiting CIS’s new Web site, designed to educate students about computers scams and give tips to prevent them from being future victims.
“The Web site is updated daily with information about new viruses and scams,” Shestack said. He believes students need to understand the difference between phishing and spam e-mail.
“Sixty-five percent of all e-mail that comes into the system is classified as spam,” Shestack said. “Unlike the usual spam e-mails, which consist mostly of advertising, phishing is a subset of spam. These e-mails are harder to block because spammers are constantly changing their name.”
Avoiding downloading free music and software is also another way to prevent being scammed.
“Nothing is free; once you download something you may be entering sites that come with malicious codes and viruses,” Shestack said.
If an incident of phishing happens on campus, contact the Temple University Campus Safety Services at 215-204-7900. For more information, students can visit the Computer Services Web site www.temple.edu/cs/security/phishing.
Geraldine Rosado can be reached at firstname.lastname@example.org.