E-mail ‘phishing’ alert

The problem of e-mail “phishing” is becoming more widespread and the campus community should be aware of this issue and know how to avoid potential problems.

“Phishing” is the term used to refer to attempts to obtain confidential information, personal or financial, from people through the use of e-mail, or Web pages, designed to deceive them into divulging this information. Often these attempts will involve e-mail, or links to Web pages, designed to look like they are from a person or organization that you trust and/or with which you do business.

Among the “phishing” attempts that we have seen are e-mails that appear to be from various banks, eBay, PayPal and other businesses. One technique that is used in these messages is to claim that your account information needs to be updated, or that your account is in danger of being close if you do not reply with the personal or financial information that is being requested.

Another message that has been reported is crafted to appear as though it offers a “Complimentary STRS/PERS Report.” This message is not from STRS or PERS. Instead it is an attempt to obtain information including your income, telephone number, date of birth, etc. While this message has only been reported on campus three times in the past three months, it clearly targets the educational community and we want to be sure you are aware that it is not legitimate.

Please exercise caution when providing confidential information to anyone, whether by telephone, email or through the Web. Be aware of how your bank, and others you do business with, use e-mail or the Web to communicate with you and be suspicious of any request for information that is out of the ordinary. Most businesses will not ask you to provide confidential information in response to an unsolicited e-mail or telephone call.

If you have questions or concerns about this issue, e-mail jim_michael@csufresno.edu. For more information with regard to “phishing” and what is being done to deal with this problem, visit the Web page of the Anti-Phishing Working Group at http://www.antiphishing.org/.