Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. (Source: Wikipedia) Recently, the UWG community has had a problem with what is called Spear Phishing. This is a pinpoint attack against a particular group of people, such as the users of a website or product, employees of a particular university or other organization in an attempt to undermine that group. It isolates only those people, as opposed to ‘everybody’, and it attempts to get that group to do something to gain access to proprietary data or company systems. Such ‘spear phishing’ emails often look real as they may appear to come from someone within the organization.
UWG will never ask for such information via email. Following is an actual sample of a phishing attempt received by a UWG user(s):
Attention Westga Account holder, This message is from the Westga University Information Technology service messaging center, to all Westga.edu.au e-mail account holders. On Tuesday, August 16Th, 2008, from 3:00 PM until 8:00PM, all Mailhub systems will undergo regularly scheduled maintenance. Access to your mailbox via our mail portal will be unavailable for some period of time during this maintenance period. We shall be carrying out service maintenance on our database and e-mail account center for better online services. We are deleting all unused e-mail accounts to create more space for new accounts.
Even though phishing is illegal, it is difficult to take legal steps to stop it. It is our own responsibility as a user not to become a victim of phishing scams. Avoid becoming a victim by never disclosing personal information in response to an unsolicited email, by never clicking on any links in such emails. Also always access Websites by manually typing the Web address into your browser. Here is a link to a case of ‘spear phishing’ that was prosecuted and convicted: http://en.wikipedia.org/wiki/Phishing#Legal_responses For those who are interested in learning more, here is a link that explains the CAN-SPAM act: http://www.ftc.gov/bcp/edu/pubs/business/ecommerce/bus61.shtm.