Beware of Phishing Scams: Know How to Spot the Signs

Friday, August 23, 2013

Computing Services and Systems Development (CSSD) frequently responds to email phishing scams that are received by members of the University community. A phishing scam uses a fake email or Web site to collect usernames, passwords, Social Security numbers, and other personal information.

An example of a recent phishing email appears below.

* * * * * * * * * * * * * * * * SAMPLE * * * * * * * * * * * * * * *

Subject: (Welcome to My Pitt, system administrator Ugrade Your Account)

Dear University of Pittsburgh,

As you know that we are working to develop a new webpage for our department. We are Planning to create detail profile for each Students, Faculty, & Staff member in the new webpage. Hence, You are cordially requested to verify your https://my.pitt.edu/ Account by clicking the link below;

Click the link here http://URLREMOVED

Technology Help Desk
University of Pittsburgh
Telephone: 417 611-HELP [2805]
Email: helpdesk@pitt.edu

* * * * * * * * * * * * * * END SAMPLE* * * * * * * * * * * * * *

No legitimate organization - including Computing Services and Systems Development - will ever ask for your password over email or on the phone. If you receive this message (or any message similar to it), delete it without replying, opening any attachments, or clicking on any links within the emails.

There are a few tips you can use to help identify a suspicious email as a phishing scam. The video below explains these tips in more detail.

 

In general, be on the lookout for:

  1. Mistakes in grammar, punctuation, and spelling
  2. A generic email greeting (for example, Dear Pitt User)
  3. Claims that you need to act immediately to prevent something bad from happening (for example, your account will be deleted or your email will be lost)
  4. Requests for personal information, such as your password or bank account number
  5. Suspicious email links. Try hovering your mouse over a link without clicking on it. If the address that pops up does not match the link address as it is written in the email, it's a clear indication of a phishing email.

If you have questions about an email message or suspect it might be a phishing attempt, report it to the Technology Help Desk at 412-624-HELP [4357].

 


Get Help