Infosec Home at The University of West Georgia

Log On

Phishing

 Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. (Source: Wikipedia) Recently, the UWG community has had a problem with what is called Spear Phishing. This is a pinpoint attack against a particular group of people, such as the users of a website or product, employees of a particular university or other organization in an attempt to undermine that group. It isolates only those people, as opposed to ‘everybody’, and it attempts to get that group to do something to gain access to proprietary data or company systems. Such ‘spear phishing’ emails often look real as they may appear to come from someone within the organization. 

UWG will never ask for such information via email. Following is an actual sample of a phishing attempt received by a UWG user(s):  

Attention Westga Account holder,  This message is from the Westga University Information Technology service  messaging center, to all Westga.edu.au e-mail account holders. On Tuesday,  August 16Th, 2008, from 3:00 PM until 8:00PM, all Mailhub systems will  undergo regularly scheduled maintenance. Access to your mailbox via our mail portal  will be unavailable for some period of time during this maintenance period.  We shall be carrying out service maintenance on our database and e-mail  account center for better online services. We are deleting all unused e-mail  accounts to create more space for new accounts. 

In order to ensure you do not experience service interruptions/possible  deactivation Please you must reply to this email immediately confirming your  Westga.edu email account details below for confirmation/identification.  

 1. First Name & Last Name:  

2. Full Login Email Address:  

3  ID number:  

4. Username & Password:  

5. Confirm your Current Password: 

 Failure to do this may automatically render your e-mail account  deactivated from our email database/mailserver. To enable us upgrade your Westga email  account, please do reply to this mail.

Even though phishing is illegal, it is difficult to take legal steps to stop it. It is our own responsibility as a user not to become a victim of phishing scams. Avoid becoming a victim by never disclosing personal information in response to an unsolicited email, by never clicking on any links in such emails. Also always access Websites by manually typing the Web address into your browser. Here is a link to a case of ‘spear phishing’ that was prosecuted and convicted: http://en.wikipedia.org/wiki/Phishing#Legal_responses    For those who are interested in learning more, here is a link that explains the CAN-SPAM act: http://www.ftc.gov/bcp/edu/pubs/business/ecommerce/bus61.shtm.