A biweekly publication for faculty and staff

Don't Get Hooked by Phishers

September 24, 2014

A recent article published on the Inside Higher Ed website revealed that hackers in China are selling user account information from at least 42 universities across the world.

While we might imagine a high-tech compound of trained hackers furiously pounding their keyboards to get this information, the reality is much less dramatic: The account owners gave the information away.

How Phishing Works

We often hear the term phishing (think “fake fish”) in reference to safe internet habits, but not everyone understands what it means. The hacker is the fisherman. You are the fish. This is the bait:

“Please contact us immediately to verify your account. Failure to respond within 24 hours of this notification will result in account suspension, until your verification is received.”

Not all phishing attempts are as obvious as requests from faux international princes. Just like with real-life fishing, using more sophisticated bait increases the chances of outsmarting even the most clever fish.

Hackers rely more on social engineering — the art of manipulating people so they divulge confidential information — than actual technology.

They seek to gain your confidence so they can convince you to provide the information they need of your own free will. The methods to achieve this can be as basic as sending a carefully counterfeited email (including official logos and fonts, and even fake return addresses), or using a small amount of publicly available information about you to convince you that they know more than they really do.

A little bit of healthy skepticism can be all it takes to prevent your personal information, work and finances from falling into the wrong hands.

Remember, hackers usually cast wide nets when looking for targets, so never assume that you are not a potential target just because you don’t “have anything.” Even small fish are better than nothing, and they can sometimes be used as bait for larger fish.

Your Own Best Defense

Think about it this way: You can build a fortress to protect your most precious possessions with every conceivable security measure in place. But if you leave the door open, people will get in.

Strong security begins and ends with you. Nobody is perfect, but good habits come with practice, so be the smarter fish and keep these tips in mind to avoid getting caught by a hacker:

  • Reputable businesses will never ask for your username or password via email, phone, text or mail.
  • Phishers want you to panic and respond immediately so you have less time to research the validity of their claims. To do this, they will often use threats, suggesting account suspension, loss of property or loss of privacy.
  • Check a second source. If you receive an email from a business and it looks legitimate but requests personal or “verification” information, or asks you to follow a link to log into your account, DO NOT use the links or phone numbers shown in the letter. Instead, go to the official website (use a search engine if you don’t know the URL) and use the numbers listed there to ask if there is a legitimate issue with your account.

Follow these suggestions to thwart hackers and you’ll be the fish that got away!