Phishing

In computing, phishing is a form of social engineering, characterized by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy source in an apparently official electronic communication, such as an email or an instant message. The term “phishing” arises from the use of increasingly sophisticated lures to “fish” for users’ financial information and passwords.

Phishing attempts can be very deceptive. You may receive an email that appears to be from a reputable company, such as eBay or PayPal, saying “click here to respond to this message” or “click here to update your account information.” You may also receive something a bit more suspicious, such as “You have just won a European vacation!” In reality, these emails just want you to go to a website and enter personal information so that the people who sent the message can either steal your identity or gain access to your accounts for use in fraudulent activities.

Phishing Example

A very sophisticated and convincing phishing email circulated on campus with the subject line “[UCANet-L] (Action Required): Email Encryption Service.” This was not a legitimate email. The body of the email is below.

Dear Colleagues:

In order to encrypt the database platform,we have scheduled a maintenance window to perform the necessary work. Please note that all email accounts need to be verified.

The support service desk will be upgrading to latest anti-spam version. You are required to login using the link provided below to avoid account deletion and losing all information on your mailbox.

For email encryption, please visit uca.edu/it/email-encryption.

Division of Information Systems & Technology

That link took you to a fraudulent login page, where anyone who entered their username and password would unknowingly give away their credentials.

Learn More About Phishing