University of Oregon
Audience
Faculty/Staff
Researcher
Student
GTF

What is phishing?

Phishing is an attempt to obtain your sensitive information, such as usernames, passwords, PINs and ID numbers. Phishers accomplish this by imitating an organization or person, often a real one. By using emails, websites or even phone calls, phishers contact potential victims and try to trick them into giving up sensitive information. Communications claiming to be from popular social web sites, auction sites, online payment processors, banks, governments or IT administrators are commonly used to lure the unsuspecting public. Phishing often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

How do I avoid becoming a victim of phishing?

Following the tips below will help you avoid becoming a victim of phishing:

  1. Do not give personal information to an e-mail claiming to be from a representative of a legitimate retailer, bank, organization, or government agency.
    • Many phishing attempts claim that an account needs to be verified, that a purchase has been made in your name, or that you have become a victim of identity theft. These e-mails will then ask for your credit card number, social security number, or other personal information.
       
  2. Don't click on Web links in e-mails from people you do not personally know.
    • Many phishing attempts will try to guide you to a website that is a replica of the website belonging to your bank, university, auction site, etc. If in doubt about whether a link is genuine, type the URL of the website in by hand. For example, if an e-mail says to click on a link to go to your bank's website, instead of clicking on the link, go to your web browser and type the URL manually, e.g. "http://mybanksname.com/".
       
  3. Phishers often try to rush people in hopes that they will fall for the scam before thinking through their actions.
    • Beware of emails marked as URGENT or claiming to require immediate action.
       
  4. Be aware that phishing can be performed over the phone as well.
    • Some e-mails will even invite you to call a local or 1-800 number, where an identity thief will act as a representative of a legitimate company.
       
  5. Remember that no company or government agency will ask you for any personal information over the internet, especially over e-mail.
     
  6. You are not safe from phishing if you're using a smartphone.
    • If you enter your credentials on any site, even if it's with a smartphone or tablet, those credentials can be stolen.

What do I do if I've fallen victim to phishing?

If you provided personal information such as your password, credit card number, or social security number to a phisher, notify the companies you have account(s) with immediately. If you feel as though you've provided enough information, such as a social security number, for your identity to be used in an unauthorized manner, you can file a report, place a fraud alert on your credit and learn what to do next at the Federal Trade Commission's website.
If you sent a password to a phisher, change your password immediately. If you use the same password for multiple sites, then change the password on all of those sites to different passwords.
 
Extra Links and Information:
Video: Protecting Yourself Online
UO's Information Security Page on Phishing
Microsoft's Webpage About Phishing