Beware of phishing attacks at URI

04/14/09 - Imagine a random person walking up to you and introducing himself as an employee at your bank. He needs to verify your account information for security reasons. You wouldn't tell him anything, would you? However, you might provide this information if asked for it in an e-mail.This kind of attack is known as phishing. According to the United States Computer Emergency Readiness Team, phishing is an attack that uses e-mail or Web sites to acquire personal information, often financial. Phishing is a play on words that refers to the action of a scammer putting out bait and waiting for a response. Common phishing attacks are e-mails sent from what seem to be a bank or Paypal asking to verify a recent purchase. The purchase never happened, but that is beside the point. The e-mail will contain a link that appears to go to the financial institution's Web page but is actually the scammer's own page. Once the scammers have your bank account login information, they have control over your bank accounts.

Some phishing e-mails include a phone number to call to verify one's account information. These phone numbers can have legitimate-looking caller ID information because of the availability of Voice Over IP phones.

However, this type of scam is not limited to financial institutions. The University of Rhode Island has been hit with many phishing e-mails lately. The e-mails ask users for their user name and password, claiming that the server is getting full and those that do not answer the e-mail will have their accounts deleted.

This is, of course, a lie. The scammer uses the account information that he or she receives to send out more spam.

But how much money can be made from phishing? These attacks are not run by some kid in his mom's basement. There are complicated criminal networks perpetrating these scams.

According to Valerie McNiven, a U.S. treasury advisor, cybercrime is now more profitable than drug trafficking. A Gartner, Inc. survey published on Sunday says that phishing attacks have grown 39.8 percent in the past year. Experts are theorizing that the economic recession is leading more people to use phishing to make an easy buck.

So what can be done? There are a few simple steps that can be taken to help protect yourself and others from phishing scams.

1. Use common sense. Be suspicious. Any legitimate institution will never ask you for your account information via e-mail. If you get a message asking to verify your account information, do not respond to it. If you are concerned, contact the institution directly.

2. Make sure your computer has the most recent updates and an anti-virus program. URI offers McAfee anti-virus free of charge to all faculty, staff and students.

3. Don't click on links in e-mails. Copy and paste the link. Links in phishing e-mails often say they are for one Web site but go to another.

4. Share this information with others. Even technically savvy people fall for phishing scams. It is a form of social engineering. Scammers lull people into a false sense of security by claiming to be part of a trusted institution, like a school or bank.

If you have any questions about phishing, go to antiphishing.org. You can also contact the URI Help Desk at (401)874-HELP with questions or concerns about suspicious e-mails.