Phishing

From IThelp @ UiB
Jump to: navigation, search
Information.gif Would you like to give us a Feedback on this page?

Phishing is a form of e-mail fraud aiming to "fish" someone's personal information, typicallly user name, password, or credit card details. These can then be used for profit or damage.

The typical procedure is sending an e-mail to a large number of recipients. The message, purporting to be e.g. from a major bank, may tell that there are problems with some of the bank's credit cards. The problem can however -- according to the hoax message -- be easily remedied by clicking a link and entering some information.

This information is then collected and used to take money from the credit card. The operation can be made more plausible by copying the design from real web pages of the bank in question.

Other varieties asks the user to confirm or reject a transaction or shipment, renew his/her password, or similar.

The best thing to do with such e-mails is deleting them immediately.

Never click links, fill in fields, or in other ways supply the information asked for!

If you have given your user name and password, you should as soon as possible change your password so that the stray password becomes useless. That password should never be used again -- or be used in other connections!

If you have given your account number, credit card number or similar, make sure you report this to the bank at once to have the card blocked.

You have not "done anything wrong" to receive such e-mails. Phishing is an everyday phenomenon on the internet. As long as you don't click on links and supply the information the criminals want, you are not in any danger. It may be unpleasant to know that criminals have your e-mail address but it does not mean that you are targeted specially. Finding an e-mail address is not difficult.

Typical signs of phishing e-mails

Closer ecamination of the message will often reveal that it is a hoax. Some signs are:

  • Poor language. Broken Engslih or automatically translated Norwegian are usual signs.

    Phishing-språk.png


  • Wrong 'From' address. In many cases the e-mail is sent from an address that has nothing to do with the topic. But please note that sender addresses can be fake, so this is no sure sign.

    Phishing-avsender.png


  • Strange link addresses. If the mouse pointer is held hovering over a link (without clicking!), the link address (URL) will be displayed. If this is a "strange" address unlike the alleged sender's web site, it may be a hoax.

    Phishing-link.png


  • Unknown names and phrases. If the sender or institutions named in the message have generic, vaguely unfamiliar names like "Support Center", "Webmail Help Desk" etc., you should be alert.


Please note that even if one or more of these signs often occur, there is no guarantee that messages without them are safe! Caution should always be used. If you are in doubt, do not hesitate to ask the IT division!