Phishing | University of Oregon: Information Security
Information Security Information Services home

Phishing

Phishing is a form of identity theft which uses e-mail, instant message and/or malicious web sites in order to obtain sensitive personal information about a victim. Frequently, these e-mails may appear to be from a business, financial institution or a University, they often request the victim to verify, or update their account information. University of Oregon e-mail addresses have been the target of many Phishing scams, if you receive an e-mail that you believe may be a Phishing scam, please disregard the email.

Recommended Precautions:

  • Never respond to e-mail that asks for personal or financial information.

    Information Services will never send out e-mail asking for account usernames, passwords, or PAC numbers. Ever. This type of information should never be sent to anyone over e-mail.

  • Do not trust 'urgent' e-mail demands for action.

    It is a common phishing technique to foster a false sense of urgency in order to provoke a response. Do not be afraid to ask your local technical support staff if an e-mail is phishing before using information contained in the e-mail or replying to the e-mail. As they may be better able to look for the common indicators of a phishing e-mail.

  • Do not trust company phone numbers in e-mail

    If you believe the e-mail that you have received to be a phishing attempt but are concerned that it may actually be real and not fraudulent, please directly contact the sending institution. Be sure to use phone number or e-mail information published on their official website or other established resource. Do not use the information from the suspect e-mail. Information Services has seen phishing e-mails that utilize VOIP phone numbers with 503 and 541 area codes to encourage recipients to provide confidential information over the phone to phishers.

  • Do not trust unexpected e-mails that contain attachments or website
    links.

    Be careful with attachments and linked websites or downloads that you receive via e-mail. Last month a larger than usual number of individuals successfully infected their computers with a virus that intercepted keystrokes and uploaded the data to remote servers. Anti-virus programs should be part of a layered approach to desktop security as new viruses are constantly being developed and may not be detected the first time around.

  • Use a web browser that has anti-phishing capability

    From recent experience with the last major phishing attempt that occurred during spring break, Firefox had a faster turn around time in labeling the phishing website as fraudulent. You may wish to use Firefox over other browsers for this and other reasons. If you prefer not to use Firefox there may be anti-phishing plugins or similar functionality that you can enable for your preferred browser.

If you believe you have been involved in a Phishing scam

If the scam involves UO credentials such as the 'DuckID', please e-mail phishing@uoregon.edu. Be sure to include the full headers of the e-mail when reporting the incident. If you are not familiar with how to view the full headers of an e-mail, please consult the following site:

http://helpdesk.uoregon.edu/fullheaders/

If the scam involves a non-university affiliated credential, please contact the targeted institution and report the attempt at:

http://www.phishtank.com/

Posted April 17th, 2008