Phishing: Don't Take the Bait
Internet criminals are using a technique called "phishing" to obtain personal information from unsuspecting Internet users. Phishing typically involves sending an e-mail seeking personal information while falsely claiming to come from a legitimate source. Users are often prompted to update or validate passwords, credit card details, Social Security numbers, PIN numbers, or other sensitive information.
Spoofed messages claiming to be from prominent government and banking entities have included threats of legal action and jail for not responding. Some SLAC users have even received phishing e-mails disguised as death threats.
How to protect yourself:
1. Caveat emptor ("buyer beware") should be watch words for use of the Internet.
2. If you receive a request and are unsure of itís legitimacy, contact the organization directly by the phone number on the back of your credit card or from a monthly statement. Do not use any phone numbers listed in the e-mail.
3. Be careful about which e-mails and attachments you open or forward.
4. Responding to e-mails or providing your e-mail address on registration forms can put you on spam lists and make you a potential target. Be especially careful using your slac.stanford.edu address. You can look up suspected hoax e-mails at snopes.com or look for more information on the computer security webpage, Resources for Investigating Hoaxes.
5. Of the over half a million e-mails received daily, our filters catch/block about 91% of mail sent by known spammers (black listed) and questionable sources; however, there is no absolute solution. SCCS is not able to notify you of all the scams that get through, so take steps to protect yourself.
For more information about how to protect your personal information, please go to the Federal Trade Commission Consumer Alert page on "How Not to Get Hooked by a 'Phishing' Scam." Also visit SLAC Computer Security webpage or contact us if you have any further questions or concerns.
Computer Security would like to send a special thanks to Lisa Dunn and Herbert Axelrod for contacting us regarding a suspicious e-mail sent by the DOE HSS penetration testers during our Site Assistance Review. Their quick recognition allowed us to block the source and stop the spread. This showed the HSS team that SLAC users are aware and vigilant. Thanks again.
Marilyn Cariola, SLAC Today, April 11, 2008