Phishing is a fraudulent attempt, usually made through email, to steal your personal information. The best way to protect yourself from phishing is to learn how to recognize a phish.
Phishing emails usually appear to come from a well-known organization and ask for your personal information such as credit card number, social security number, account number or password. Often times phishing attempts appear to come from sites, services and companies with which you do not even have an account.
In order for Internet criminals to successfully "phish" your personal information, they must get you to go from an email to a website. Phishing emails will almost always tell you to click a link that takes you to a site where your personal information is requested. Legitimate organizations would never request this information of you via email.
Below are samples of phishing scam emails sent out by malicious individuals:
"We found unauthorized transactions on your account. To ensure your account is not compromised, click the link below and confirm your identity."
"Due to an overflow of inactive account, please go through this survey to confirm and re-validate your account."
"Dear Lucky Winner, We are happy to inform you that your email address have emerged the Prime winner of Four Hundred & Fifty Thousand Euros (450,000.00) in Uplift International Email Lottery Award."
"Your email (or password) will expire soon. To avoid any interruption, please click the link below and upgrade your email."
Image from Microsoft Security Website
Treat every email you receive (even if it is from someone you know) with caution. Reputable organizations will never request personal information via email. Internet criminals target all types of businesses, home users, institutions and governmental organizations. You should use the same precaution in all aspects of your daily life Some other important notes to consider:
In order for us to properly track phishing activities and stop more emails from being sent out to other users, you will need to send us the full message headers of the email. Below are instructions on how to do so:
If you responded to any phishing emails, contact the CSE Helpdesk immediately at firstname.lastname@example.org or (973) 290-4015 so we can assist you in resetting your password and check your account for any suspicious activity.
If you have submitted any other sensitive data such as your Social Security Number, it is recommended that you sign up for credit monitoring with a reputable credit report agency.
A collection of videos on phishing, identity theft and other computer security issues can be found here at our CSE Media Site (log in with your normal username/password like you would log in to any computer on campus).