Phishing and St. Cloud State University

Phishing is a particularly dangerous and prevalent form of spam. Phishing is online criminal activity involving fraudulent e-mail messages sent in an attempt to obtain your online account information such as credit card and banking information. Once phishers have your account information, they might use it to steal your identity or make purchases on your account.

Recognizing Phishing

Phishing e-mails typically purport to be from a financial institution such as a bank, credit card company or online payment service. They typically feature authentic-looking logos that appear to originate from organizations such as eBay, PayPal, Bank of America, Wells Fargo, TCF Bank, etc.

Phishing e-mails are usually written under the guise of "protecting" you by asking for "confirmation" or "verification" of personal and/or account information.

Providing that information could subject your account to unauthorized access. As the Federal Trade Commission points out, legitimate businesses don't ask for personal or financial information via e-mail.

Protecting Yourself From Phishing

  • Never respond to e-mails that request your personal/account information.
  • If the e-mail appears to have been sent from an organization you are affiliated with and you want to look into it further, check for information on that organization's official Web site.
    Important: Check the legitimacy of the Web site listed in the phishing e-mail by typing the address directly into your browser, or call the organization directly. Do NOT click on links in the suspect e-mail.
  • Do not call a phone number listed in an e-mail you suspect is phishing. Look up that organization's actual phone number in the phone book or from your official documents.
  • Delete e-mails that ask for account or financial information.

Phishing Feeds on Fear

Why do people get hooked by one of these phishing expeditions? Something called social engineering plays a big role. Consider these scenarios:

You hear multiple news reports of identity theft, and as a result you are on the alert for anything indicating your own personal information might be at risk of being stolen.

With this heightened level of awareness about the need to protect your personal information, you might more easily fall prey to an e-mail that appears to come from a financial institution you have done business with, especially when the message is asking for "verification" to protect you from the very fraud it is committing.

Combine this with a sense of urgency the message reflects in wording such as "...your account with us will be terminated if you don't respond within 24 hours," and it's easy to see why people get hooked. SCSU doesn’t want you to be one of them.