Phishing Scams Hit Campus E-Mail

Recently, campus e-mail users have seen an increase in the number of fraudulent e-mail messages they receive. These messages, many of which appear to be from financial institutions, request that recipients visit a Web site to update account records and often threaten account suspension, service cancellation, or future billing problems if the information is not updated. Please be aware that these messages and the Web pages they link to are part of a phishing (pronounced fishing) scam.

Phishing scams are attempts to gain personal information such as credit card, bank account, PIN or social security numbers from the email recipient by appearing to represent a legitimate business. Most of these scams are conducted via e-mail messages that may include a copy of a corporate logo to add a degree of authenticity to the fraudulent request. Further, the phish e-mail may direct you to a Web site that appears identical to a legitimate Web page in order to gain the trust of e-mail recipients and to collect the requested personal information. Once this information is collected, it is used for fraudulent purposes.

In general, reputable companies do not send email messages that request the return of personal information via e-mail or Web form. If you receive an e-mail message requesting personal or account information, it is strongly advised that you use an established telephone number to confirm the authenticity of the message.

In particular, please be aware of recent tsunami-related phishing scams. These are taking the form of e-mail messages from individuals posing as tsunami victims requesting that donations be made directly to their bank accounts, as well as e-mail messages that refer recipients to Web sites that appear to represent known charities to make donations for tsunami victims. If you receive a request via e-mail for donations, you are strongly encouraged to verify the legitimacy of the email originator or to contact a known legitimate relief organization if you wish to make donations.

Additional information about phishing and examples of other recent phishing e-mail messages are available at http://security.ucdavis.edu/101_phishing.cfm. Please send questions about this message or about phishing to security@ucdavis.edu.

Robert Ono
IT Security Coordinator
Office of the Vice Provost
Information and Educational Technology