Phishing: A guide for Lehigh students, faculty, and staff
What is phishing?
Phishing is a deceptive practice that is used to steal personal data such as credit card information, passwords, or other sensitive data. How can you recognize it? Sometimes it's hard. You'll get an email that claims to be from a trusted source, like Lehigh, your bank, eBay, PayPal, etc. The message will claim that your account is in jeopardy somehow unless you...
Email your password in a reply to the source.
Click on a link to go to a Web page that is supposedly the Web site of the trusted company or university.
Spear phishing is a highly targeted type of phishing that may be aimed at a given organization, such as Lehigh. The text of the message may be tailored to Lehigh recipients even though the sender is not legitimate. Lehigh will NEVER ask you to provide a password via email. You should also be very wary of clicking on links within email messages asking for sensitive information. The links may lead to "spoof" Web pages that merely collect and use your information. If in doubt, contact the company/university directly, or open a new Web page, go to their site yourself, and log into your account page there.
What do phishing scams look like?
Lehigh collects examples of phishing scams (send any you receive to firstname.lastname@example.org). Actual phishing email messages that have circulated at Lehigh in the past can be viewed at www.lehigh.edu/helpdesk/phishingexamples.html.
How can I protect myself against phishing scams?
Make sure your computer has up-to-date virus protection software and a personal firewall.
Don't click on links in email messages, especially if they ask for personal information.
Look for signs of security. Legitimate companies will use secure, encrypted Web pages. Look for "https://" in the web address. The "s" stands for "secure". Look for a locked padlock icon in the lower part of your browser window. This indicates that the site is encrypted, which means your data is protected when you send it over the Internet. Encryption alone does not prove that the site belongs to the company it claims to be, so check the address as well.
Verify the Web site address. Go directly to Web sites rather than clicking links within email messages.
Create hard to guess passwords.
Change your passwords and PINs frequently.
Where does the term phishing come from?
The word "phishing" comes in part from the idea that scammers are "fishing" for personal data from the sea of email/Web users. "Ph" is a common hacker replacement for "f." The term was first coined in 1996.