Phishing is a type of deception, frequently appearing to be from someone that you know, designed to steal your valuable personal data such as credit card numbers, passwords, account data or other protected information. It can come in many shapes and sizes, ranging from email messages about your passwords expiring, and/or enticing you to click on links and logging into forged websites to view "important" documents, to fake letters from your bank asking you to verify your information. The key to beating phishing scams is being prepared and knowing what to look for.
Phishing emails will often contain logos and language that sounds official to trick you into a false sense of security. Often these emails will appear to be from an entity/individual that you are familiar with, or perhaps, even know personally. The links contained within will often lead to official/authentic looking sites that you are familiar with, but the site's URL will indicate otherwise. You must stop and ask yourself, why would any institution or individual send an email asking for sensitive account information, or tempt you to click and log into a website (usually forged email portals) to "view" documents. Remember, if you are currently reading an email appearing to be from an individual that you know, and they are asking you to click a link and then log in to "view important documents", this should be a HUGE red flag. When in doubt, always verify the source of the email. You should contact the institution or individual directly for this verification.
The following is an example of a phishing email:
By responding to these emails, you are hurting not only yourself but potentially everyone at Southern Miss. A response to one of these emails can cause @USM.EDU addresses to be blocked by other Internet/Email Service Providers. Your email address is often used, at this point, to send out thousands of SPAM messages to your colleagues on campus, and even external.Outside of Southern Miss, responding to a phishing e-mail asking for banking or credit card information can ruin a life you've worked years to build. Identity theft can take years to resolve, and may never truly go away.
If you think your account may have been compromised due to phishing, follow these steps:
- Change your Campus (SOAR/Email) password IMMEDIATELY via the University's password portal at:https://www.usm.edu/itech/campusid, then report the incident as soon as possibly to the iTech Help Desk at 601.266.HELP (4357) or by emailing: helpdeskFREEMississippi.
- In the case of your personal accounts outside of Southern Miss, report it to the appropriate company as soon as possible. The faster they are notified, the better that company will be able to protect you.
- For much more information regarding general identity theft and how to report these incidents, please visit the Federal Trade Commission's website at: https://www.identitytheft.gov
Use the latest and most up-to-date virus protection.
- Everyone should run antivirus software on all of their devices, even smartphones.
Change all of your passwords.
- Keep in mind, antivirus products are generally not effective in protecting you against phishing style emails/attacks. They can; however, assist with malware protection that can be attached to some of these emails. So, please do not rely antivirus products to mitigate phishing attacks.
- Start with passwords that are related to university business, financial institutions, or other personal information.
- It is a good idea to change the passwords on all applicable accounts just to be safe.
- Always review your credit card and bank statements for unexplained charges or inquiries.IRS Scams
- The IRS has two known scams targeting unsuspecting people wanting to get a tax refund. The first is an e-mail scam that tells users that due to a clerical error, they are actually getting more money back as a refund. It has a link to a form that must be filled out in order for the user to receive their "extra" refund.
- According to the IRS website (www.irs.gov), the agency never conducts business with taxpayers via e-mail. The form actually links to a website that has nothing to do with the IRS. For more information on these scams from the IRS, please visit www.irs.gov.