The recent political debacle involving hacking of a certain official’s computer reminds us once again of the ease and dangers of phishing. You may have been even more tempted recently to click on one of those links in an email because the phishers are getting more sophisticated, not to mention better at spelling and grammar.
E-mails that have actual logos, appear to be written in a form that mimics legitimate messages, or even that appear to come from a UVM or well-known address are all increasing in number.
Is it really so bad to click? This one came from a friend of mine so surely it’s OK? And, really, who would be interested in what’s on my computer anyway?
What kinds of things do phishers want to do? Gain access to your contacts so they can send phishing email to everyone on that list that will look that it is sent from a real account. If your friends start asking you why you are sending them fake ads or disturbing images or angry notes you may wish you hadn’t clicked on that phishing link.
Phishers and hackers may also be interested in harvesting your passwords. Many people use the same password for multiple services. A hacker who gets access to one now has a way to gain access to all. Once again, you may not mind if FaceBook posts appear to be from you start popping up but then again when your Amazon account and all the credit card information you stored there gets stolen – not so nice.
And hackers and malware? Well viruses are no fun and can be difficult to get rid of. Even worse is malware that turns your computer into a botnet whereby the hacker can use it to send malware to others.
How can you tell if an e-mail, even one that looks like it comes from a friend, is a phishing scam?
Is it telling you to click the link and provide your login information? Don’t click the link. If it’s your bank or a company that you do business just go to their website yourself and login as usual.
Does it look like it comes from a friend? Don’t click the link. If it is a full address you can copy and paste the link into your browser. Or, if it is a phrase that is a link you can right-click or control-click on it, copy and paste the link and, before hitting enter, look to see if it appears legitimate. For example, if your friend is sending you a link to a YouTube video make sure the address is http://www.youtube.com not http;//www.yuutube.com.
Does it look like official UVM business or like a note from Blackboard? Don’t click the link. UVM will never send email asking for your NetID and password. Any Blackboard alert messages will be posted on the Blackboard login page or sent from our own Blackboard admin with no request to click.
If you are ever uncertain about the legitimacy of an email message concerning your uvm.edu account, please contact the Computing Help Line at 656-2604, or submit a help request online by emailing techteam@uvm.edu.
And if you would like to report phishing, please forward the phishing email with full headers to is-spam@labs.sophos.com and to abuse@uvm.edu. (To forward a message with headers, please see http://www.uvm.edu/techteam/forwarding-full-mail-headers/)
By the way, the latest news reports that the case mentioned at the beginning of this blog post started out even more innocuous. Apparently the official in question checked with his tech supporter about the email and was told it was legitimate. A short time later they both realized that “legitimate” was a typo and the tech advisor meant to type “illegitimate.” (Please don’t tell me Auto-Correct struck again!) So, even if someone tells you it’s OK to click, resist the temptation.