Phishing: A guide for Lehigh students, faculty, and staff

What is phishing?

Phishing is a deceptive practice that is used to steal personal data such as credit card information, passwords, or other sensitive data. How can you recognize it? Sometimes it's hard. You'll get an email that claims to be from a trusted source, like Lehigh, your bank, eBay, PayPal, etc. The message will claim that your account is in jeopardy somehow unless you...

Spear phishing is a highly targeted type of phishing that may be aimed at a given organization, such as Lehigh. The text of the message may be tailored to Lehigh recipients even though the sender is not legitimate. Lehigh will NEVER ask you to provide a password via email. You should also be very wary of clicking on links within email messages asking for sensitive information. Those links may lead to "spoof" web pages that merely collect and use your information. If in doubt, contact the company/university directly or open a new Web page and log in to their account page.

What do phishing scams look like?

Lehigh collects examples of phishing scams (send any you receive to helpdesk@lehigh.edu). Actual phishing email messages that have circulated at Lehigh in the past can be viewed at www.lehigh.edu/helpdesk/phishingexamples.html.

How can I protect myself against phishing scams?

Where does the term phishing come from?

The word "phishing" comes in part from the idea that scammers are "fishing" for personal data from the sea of email/Web users. "Ph" is a common hacker replacement for "f." The term was first coined in 1996.

Resources

SonicWall Phishing and spam IQ quiz

Washington Post Phishing quiz

Carnegie Mellon University's Anti-phishing game

Microsoft's How to recognize phishing scams and fraudulent email

eBay's Recognizing spoof web sites

MailFrontier's Guide to Phishing (has very clear visual examples of phishing)

"Why phishing works" is a research paper from Harvard that evaluates the deceptiveness of typical phishing emails.

 

Phishing video from the Federal Trade Commission

For more information, go to the phishing information on Lehigh's Security Web page.

Corrections/changes to sek2@lehigh.edu 11/6/08

 




Last updated: Tuesday, 21-Aug-2012 11:58:06 EDT