What is Phishing?
Phishing is a technique in which users are directed by an official-looking e-mail to provide personal information under false pretenses. The message may appear to come from a bank, police agency, or other legitimate entity. The information requested may be a credit card number, social security number, ATM PIN, password, or other personal information. The recipient is asked to provide this information via e-mail or by visiting an official-looking web site, and is warned that failure to do so may result in discontinuation of service. Legitimate businesses and government entities are aware of phishing scams and would not ask you to send sensitive information in response to unsolicited e-mail. You should treat these messages like spam and never reply to them. Information Technology Services advises people to never send any passwords via an e-mail message for any reason.
- If you're asked to provide personal information via an e-mail message, don't.
- If you're asked to provide personal information via a web site, don't, unless you're sure the request and web site are legitimate.
Compromised Computer Accounts
There have been several e-mail phishing scams from accounts claiming to be Binghamton University e-mail addresses and asking recipients to send their passwords via a reply e-mail. Some in our campus community have taken the bait and provided sensitive, personal material to unknown parties. Identity theft is a growing national issue. Phishing is one method for unscrupulous persons to gain access to personal or computer account information and launch either spam attacks or hacking attacks on others in the internet community. The account owner is usually not aware of this improper use.
ITS performed a spot check of outgoing e-mail and found that almost 100 people responded to one of these scams, which purported to be a request from the "Binghamton Technical Support Team" and threatened to cut off e-mail service unless the recipient responded with user ID, password and birth date. We notified those people that they had responded to the scam and urged them to change the passwords on their accounts to strong passwords (8-character minimum with a mix of lowercase letters, capitals, numbers and special characters). It is good practice to change your password frequently.
If you have doubts about requests to send sensitive information via e-mail or web page, DO NOT REPLY! Call the office responsible for the request and verify that the request is legitimate and that the data collected is handled securely during transit and at the recipient site. University offices must adhere to this high standard as well. Please consult the University policy on Internet privacy for details.
There is no way we can monitor, filter or discover all the various phishing scams that our users may receive, so be forewarned and ready when you receive these types of solicitations. The University (and other reputable institutions) will not ask for personal or password information in unsolicited e-mail messages, so you should NEVER respond to them, no matter how real they appear to be. If you’re unsure of the validity of the message, call a contact number for the organization obtained from verifiable paper correspondence or from the telephone book. Users should also report any suspicious messages to the ITS Help Desk (firstname.lastname@example.org or 607-777-6420) as we are not always aware of every scam in circulation.
If you have fallen for a phishing scam, change your password immediately.