U of M email warning (phishing scam)


December 30, 2004

To:     Members of the University community
Fr:     Steve Cawley, Chief Information Officer and Associate Vice President
Re:     U of M email warning (phishing scams)

We have all heard a great deal about identity theft this past year. One of the methods used to steal a person's identity is through a scam known as "phishing". This involves the use of fraudulent emails and web sites to entice recipients into divulging personal information (e.g. credit card numbers, passwords, or their social security number) that can be used for identity theft.

Well-known internet sites such as eBay and PayPal have long been targets, but unfortunately we have recently seen an increase in this activity with a new twist---emails that target local businesses such as local banks (e.g. TCF) and insurance firms. The central "official sounding" offices like Registrar and Bursar of some universities have even been used!

If you receive an e-mail asking for personal information, make sure that you are confident of the legitimacy of the e-mail before following any web links in the email or entering any information. If the e-mail is supposedly from a company, such as eBay, and you are unsure, go to their main web page by manually typing their web page address into your browser (e.g. www.ebay.com) rather than clicking on links in email. Typing the address into your browser is better because links in emails can have disguised or hidden parts that take you to a fraudulent web page that looks just like the real one. But if you do accidentally end up at a suspicious page asking for personal information, just quit your browser without entering anything until you can check further and follow the steps below.

The quality of these phishing scams has improved substantially over the past couple of years and the lack of misspellings or the official look of the web site are not always sufficient to differentiate the scam from the real. One thing you can do is to examine the real company or organization's site for announcements or notices about phishing scams. These are often found under links such as "Security Center," "Protect yourself from online fraud" or "Fraud Prevention Guide."

Check to see if the e-mail you received matches those described by the site. Email asking you to "confirm" or "re-enter" private information because of some supposed problem should be treated with a great deal of skepticism.

For central University functions such as registration, bursar, or admissions, the familiar U of M login page should appear for any real U of M pages that ask for personal information. If in doubt, remember that most functions are available by going to the OneStop web page by typing www.umn.edu and following the links there rather than the ones in an email.

Another option is to call the supposed source of the e-mail to confirm that it is legitimate. This may mean that you need to contact a department within the University, or the Customer Service division of a business or organization outside the University.

If you receive email that you suspect is a phishing scam:

 1) If a U of M department is being impersonated by the phishing scam, forward the email to abuse@umn.edu along with a note about your suspicions.

 2) If other organizations/companies are the target, send a copy of the email to the Federal Trade Commission at spam@uce.gov.

More information on how to protect yourself and additional steps can be found at:

http://www.safecomputing.umn.edu
http://www.ftc.gov/bcp/edu/microsites/idtheft/