Spam and Scam

What is Phishing?

Phishing is a type of deception designed to steal your valuable personal data such as credit card numbers, passwords, account data or other protected information. It can come in many shapes and sizes, ranging from e-mail messages about your passwords expiring to fake letters from your bank getting you to verify information. The key to beating phishing scams is being prepared and knowing what to look for.

 

What do you look for?

Phishing e-mails will sometimes contain logos and official-sounding language to trick you into a false sense of security. But you must stop and ask yourself, why would any institution send an e-mail asking for sensitive account information. When in doubt, always verify the source of the e-mail. You can contact the institution sending the e-mail for verification.

The following is an example of a phishing email:

Anatomy of a Phishing Email

How does this affect you?

By responding to these e-mails, you are hurting not only yourself but everyone on Southern Miss’ campus. A response to one of these e-mails can cause usm.edu addresses to be blocked by other Internet Service Providers. Your e-mail address can also be used to send out thousands of SPAM messages to your colleagues on campus.

Outside of Southern Miss, responding to a phishing e-mail asking for banking or credit card information can ruin a life you've worked years to build. Identity theft can take years to straighten out, and it never fully goes away.

What can be done?

If you think your account may have been compromised, follow these steps

        1. Report it to the appropriate authorities.
          • At Southern Miss, report the incident immediately to the iTech Help Desk at 601.266.HELP (4357).
          • In the case of your personal accounts outside of the university, report it to the appropriate company immediately. The faster they are notified, the better that company will be able to protect you.
          • Contact the company the e-mail was supposedly sent from and make them aware that someone is sending out fake e-mails in their name.
          • For incidents outside the university, you can also report the scam to the Federal Trade Commission. The circumstances can be reported to the FTC: National Resource for Identity Theft. Users can also report phishing scams to the Anti-Phishing Working Group and to the FTC at spam@uce.gov.
          • To report the scam to these groups: Create a new e-mail message addressed to them and attach the phishing e-mail to the new message. You can also copy the entire phishing e-mail and paste it into the new message.
        2. Use the latest and most up-to-date virus protection.
        3. Change all of your passwords.
          • Start with passwords that are related to financial institutions or information.
          • It is a good idea to change the passwords on all accounts just to be safe.
        4. Always review your credit card and bank statements for unexplained charges or inquiries.

Be on the Lookout!

Beware of anything that promises something for nothing. The old adage, "If it's too good to be true, then it's probably not true," applies in this case. The following are known scams out there, but always be aware of anything that seems out of the ordinary.

IRS Scams
The IRS has two known scams targeting unsuspecting people wanting to get a tax refund. The first is an e-mail scam that tells users that due to a clerical error, they are actually getting more money back as a refund. It has a link to a form that must be filled out in order for the user to receive their "extra" refund.

According to the IRS website (www.irs.gov), the agency never conducts business with taxpayers via e-mail. The form actually links to a website that has nothing to do with the IRS. For more information on these scams from the IRS, please visit www.irs.gov.