|One Step Ahead
December 16, 2008, Volume 55, No. 16
Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.
Beware of Phishing Scams
“Phishing” in its basic form typically arrives as an e-mail message purporting to be from a reputable financial institution or other business. The message may instruct you to click on a link to a website where you will be asked to enter information about your account in order to fix a “problem,” or may ask you to “update” or “confirm” your account information. The actual intent, of course, is to collect your personal information for purposes of committing identity theft or other crimes.
A recent alert from the Federal Trade Commission highlights a new “twist” on phishing, tied to changes in the financial marketplace over the past several weeks:
“The financial institution where you did business last week may have a new name today, and your checks and statements may come with a new look tomorrow. A new lender may have acquired your mortgage, and you could be mailing your payments to a new servicer. [These types of changes] may spur scam artists to phish for your personal information.”
One example: a scam artist might send an e-mail purporting to be from “your new bank,” asking that you confirm your personal and account information.
What should you do in this rapidly changing, sometimes turbulent environment?
FTC advice includes the following:
• Don’t reply to an e-mail or pop-up message that asks for personal or financial information, and don’t click on links in the message—even if it appears to be from your bank.
• Some e-mails ask you to call a phone number to update your account. To reach an institution you do business with, call the number on your financial statements, not the number provided in an e-mail.
For more tips to help guard against fraud and protect your personal information, visit www.upenn.edu/privacy/identity_theft_overview_page.htm.
To receive weekly OneStepAhead tips via email, send email to firstname.lastname@example.org with the following text in the body of the message: sub one-step-ahead <your name>.
For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.