One Step Ahead
October 30, 2012, Volume 59, No. 10
Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.
Beware of Phishing Emails as Presidential Election Draws Near
In the run-up to this year’s presidential election, be hyper-vigilant about unscrupulous attempts to gain access to your personal and financial information through bogus requests to contribute to a candidate’s campaign.
Throughout history, malicious individuals and organizations have preyed upon the good will and innocence of others to steal personal information or financial resources. The digital age, with email, electronic record keeping, and web-based financial services, is no different: unsuspecting computer users can lose information with a few mouse clicks or keystrokes through a practice known as phishing.
Phishing attacks solicit personal information by posing as trustworthy organizations in specially crafted emails or websites. They tend to proliferate after major events that lead to increased charitable contributions (e.g., hurricanes, floods), and cyclical events (like presidential elections, holidays or tax day).
To avoid becoming a victim, the US Computer Emergency Readiness Team recommends that you:
- never reveal personal or financial information in email,
- never respond to email solicitations for such information,
- avoid following links sent in email, and
- never send sensitive information over the Internet before checking a website’s security and confirming the legitimacy of the URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
If you believe you might have disclosed information about your organization, financial accounts, or password, report it to the appropriate people within the organization. Work with your financial institutions if you believe your financial accounts may have been compromised, remain wary of unexpected charges to your account, and change any passwords you might have revealed. If you used the same password for multiple resources, change it for each account and do not use that password in the future.
To learn more about protecting your private information from phishing attacks, visit www.us-cert.gov/cas/tips/ST04-014.html and www.antiphishing.org/
For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/