University of St. Thomas
Educating Leaders of Faith and Character - Houston, Tx. Quick Links - quickly find top destinations Directory - find people at the University of St. Thomas Houston Contact - get the phone, email or mailing address of the University of St. Thomas Houston
Admissions & Financial Aid Schools & Centers For Excellence Degrees, Programs & Courses Campus & Student Life Giving to UST Offices & Services About UST
Security & Protection
Security Awareness
Viruses
Spam
Personal Computer Security
Spyware
Phishing
Malware
Social Network Sites
Physical Security
Information Technology
Offices & Services

OFFICES & SERVICES Printer Friendly Page Email a Friend
INFORMATION TECHNOLOGY
Phishing
Phishing (pronounced – fishing)  – Is fraudulent process or scam, in which legitimate e-mails are sent out to unsuspecting users, in attempt to acquire sensitive information such as usernames, passwords, credit card details, or Social Security numbers by masquerading as trustworthy websites. Phishing is a new form of Identity Theft. The most common form of Phishing is e-mail pretending to be from legitimate retail, banks, organization, education, or government sites. Another phishing tactic is when the phishers claim on their e-mails, that they are from fraud departments of a well-known companies and ask to verify your information because they suspect you may be a victim of Identity Theft.
Signs of Phishing E-mail:
  • A request to update or verify your account information – The University of St. Thomas will NEVER request your personal information by e-mail. Legitimate companies will not ask for your personal information by e-mail, especially if it’s information they should already have.
  • An urgent sounding phrase. Example: “If you do not respond in the next 24 hours, your account will be deleted.” Legitimate companies will not send out these types of e-mails.
  • Click the Links: The e-mails will encourage users to click on a link in the message which will open up a login screen or form to enter your personal information.
  • E-mail Greetings. Some phishing e-mails will be sent out in bulk are generally addressed to the e-mail recipients. Be aware that some e-mails that are addressed to users by name are legitimate, sophisticated phishing e-mails can be explicitly addressed to recipients.

Protect Yourself Against Phishing:

  • Don’t respond to suspicious or “phishy” e-mail, verify the contact information (e.g., phone numbers or e-mail address) provided in the e-mail message.
  • Don’t click on links within the suspicious e-mails. These links could transfer you to malicious websites where the keystroke loggers are waiting to capture the information you type in.
  • Verify the legitimacy of the links. Right-click on the links and select Properties. Compare the link in the pop-up window to the one listed in the e-mail or on the webpage. If they don’t match, you do not want to click the link.
  • Resist the urge to react immediately without thinking. If you’re concerned about your account, go to the sender’s official website by typing the web address (URL) directly into your browser and verify the request.
  • Don’t enter personal or financial information into pop-up windows. A common phishing technique is to launch a pop-up window when someone clicks a link in a phishing e-mail. On occasion a pop-up will be displayed over a website you know and trust.  Regardless, if that happens, close pop-up by clicking the “X” in the upper right corner.

Anti-Phishing:
Internet Browsers such as Internet Explorer and Mozilla Firefox have anti-phishing filters in place to prevent any suspicious websites. To verify that your filters are in place, perform the following steps
Mozilla Firefox Browser

  • Open Mozilla Firefox
  • At the top of the Firefox window, click on Tools menu, and select Options
  • Select the Security Icon
  • Make sure Tell me if the site I’m visiting is a suspected forgery is checked off.

Note: By Default, Firefox should already have this option checked off.
Internet Explorer

  • Open Internet Explorer
  • At the top of the Explorer window, click on Internet Options
  • Select the Security Tab
  • Select Trusted Site icon
  • Click on Custom Level button
  • Scroll down to Use Phishing Filter, and click on Enable.

Note: By Default, Internet Explorer will NOT have this filter enabled.
Internet Explorer has the option to check and report suspecting website

  • Open Internet Explorer
  • At the top of the Explorer window, click on Phishing Filter
  • Click on Check this Website or Report this Website

If faculty, staff, and students come across these e-mails, it’s important to identify these types of suspicious websites. Here some examples of false websites.

False websites
http://61.190.66.139/ws/sigin.html  - Don’t trust URLs with all number in the front.
http://www.ebay-accept.com/login.php - A company name followed by a hype usually means it is a    scam site.
http://ebaysale.nl – If you Google eBay; you’ll receive http://www.ebay.com/

Real Websites
http://www.ebay.com/ - A valid URL would begin with www and end with domain, between the //
http://www.ebay.ca – ebay.ca is eBay registered in Canada; some companies have their sites registered in different countries.
http://www.ebay.com/verification - /verification indicates that it’s a directory under ebay.com
http://verification.ebay.com/ - This verification indicates that its sub domain of ebay.com

This following link is phishing game that will provide a fun yet educational way of learning and understanding phishing.
http://cups.cs.cmu.edu/antiphishing_phil/
Home | Contact Us | Online Newsroom | EmploymentInformation Technology | Library & ResearchSite Map | Report an Issue

© Copyright 2006-2007, University of St. Thomas - Houston. All Rights Reserved.
http://www.stthom.edu/Offices_Services/Offices/Information_Technology/Security_Protection/Phishing.aqf