IT Security

Over the past few years, there have been many attempts to steal private information from individuals, such as, passwords, personal information, financial data.  One technique that is widely used is for the perpetrator to pose as a representative of an organization with which you may be involved and to simply ask you for the information.  This technique, called "phishing", has duped countless victims who may have been contacted through an e-mail message, a phone call or other means with a request to provide private information by someone who they thought was a computer support staff member, a bank representative, and the like. 

The phisher will usually describe a situation that, he or she states, requires you to provide specific pieces of your personal information.  For example, her or she may indicate that the organization is verifying their records, is updating their systems, has had a system failure and is rebuilding their records, has determined that your account should be closed unless you provide information, and other plausible scenarios.  You may be asked to send the information in an e-mail, to tell it to them over the phone or to click a link to a website that will have a form for you to provide your information.

The key to remember is that it is extremely rare for organizations to ask you to provide your private information via e-mail or phone.  So, if you ever get an unsolicited e-mail message or phone call from any organization, trusted or otherwise, asking you to provide personal information that an organization already has, assume it is phishing and do not respond.  If you believe that there is a chance that the contact may be legitimate, contact the organization directly using their published phone number or e-mail address.  Do not use any phone numbers, links, or e-mail addresses provided in the correspondence.

For further information on phishing, please click here.