Trinity College Dublin

IT Security

Phishing

What is Phishing?

Phishing is a form of online fraud. In a typical phishing fraud, you may receive an email or pop-up message that claims to be from a business or organisation that you may have previously dealt with. For example: an Internet service provider (ISP), bank or online payment service.

The message may ask you to 'update,' 'validate,' or 'confirm' your account information. It may gather this information by asking you to complete an online form or to reply by return e-mail.

The individuals or groups sending these 'phishing' communications are looking for bank account and credit card numbers, passwords or personal identification numbers (PINs). If you inadvertently respond, these may be used to make unauthorised withdrawals from your bank account or to pay for online purchases. Personal information may even be sold on to other parties.

How to spot a fraudulent email?

Trust your instincts. If a message looks fraudulent or offers something that looks too good to be true, it possibly is.

Ask yourself why you are being contacted or asked for this information.

Here are some phrases that may be used in a phishing e-mail:

  • “Verify your account”
  • “Respond within 48 hours or your account will be closed”
  • “Dear valued customer”
  • “Click the link below to gain access to your account”

A typical phishing email will likely have the following characteristics:

  • It normally appears as an important notice, urgent update or alert, with a deceptive subject line that entices the recipient to believe the email has come from a trusted source and to open it. The subject line may include numeric characters or other letters in order to bypass spam filters.
  • It sometimes contains messages that sound attractive rather than threatening, e.g. promising the recipient a prize or a reward.
  • It normally uses a forged sender's address or the spoofed identity of an organisation, making the email appear as if it comes from the organisation it claims to be from.
  • It usually copies content such as text, logos, images and styles used on the legitimate website to make it look genuine. It uses similar wording or tone to that of the legitimate website. Some emails may even have links to the actual web pages of the legitimate website to gain the recipient's confidence.
  • It usually contains hyperlinks that will take the recipient to a fraudulent website instead of the genuine links that are displayed.
  • It may contain a form for the recipient to fill in with personal/financial information and submit. This normally involves the execution of scripts to send the information to databases or temporary storage areas where the fraudsters can collect it later.
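The phrase list and the mismatched-hyperlink characteristic above can be checked mechanically. The following Python sketch is an added example, not part of the original page: the names `review_email`, `LinkCollector` and `SAMPLE` are hypothetical, the sample message is constructed, and the host comparison is assumed to be an exact match.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Phrases from the list above, lower-cased for matching.
PHRASES = ("verify your account",
           "respond within 48 hours or your account will be closed",
           "dear valued customer",
           "click the link below to gain access to your account")
# A link label that itself looks like a web address; group 1 is the host shown.
URL_LIKE = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#]|$)", re.I)

class LinkCollector(HTMLParser):
    """Collects body text and (href, visible label) pairs for each <a>."""
    def __init__(self):
        super().__init__()
        self.links, self.text = [], []
        self._href, self._label = None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:  # inside an <a>: this text is the label
            self._label.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None

def review_email(html_body):
    """Return listed phrases found, and links whose label names another host."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    # Collapse whitespace so phrases split across lines still match.
    body = " ".join(" ".join(parser.text).lower().split())
    mismatched = []
    for href, label in parser.links:
        shown = URL_LIKE.match(label)
        actual = (urlparse(href).hostname or "").lower()
        # Flag only labels that display an address different from the target.
        if shown and shown.group(1).lower() != actual:
            mismatched.append((label, actual))
    return {"phrases": [p for p in PHRASES if p in body], "mismatched_links": mismatched}

# Constructed sample message; example.com and example.net are reserved names.
SAMPLE = ('<p>Dear valued customer,</p><p>Please verify your account. Respond within 48 '
          'hours or your account will be closed.</p>'
          '<p><a href="http://login.example.net/update">https://www.example.com/account</a></p>'
          '<p><a href="https://www.example.com/help">Help pages</a></p>')
print(review_email(SAMPLE))
```

A link whose label is plain text such as "Help pages" is not flagged, because only labels that display an address can disagree with their target.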

Click here to view some examples of recent phishing emails

What can I do to protect myself?

  • Report suspicious e-mails. If you are suspicious of a website, contact the legitimate owners of the site - but not by responding to the e-mail. Use an alternative method.
  • Be wary of clicking on links in e-mail messages, as they can lead to fake sites.
  • Type addresses directly into your browser or use bookmarks.
  • Make sure that your anti-virus and anti-spyware software is up-to-date.
  • Review credit card and bank statements for problems or inconsistencies.
  • DON'T enter personal information in pop-up windows - even if they look official and secure.

What should I do if I think I have been the victim of a phishing attempt?

  • Alert the relevant organisation and the Garda Síochána.
  • Notify the relevant financial institution if it relates to a bank account.
  • Change passwords and access codes.
  • If it relates to your College access, please report to the IS Services Helpdesk at the earliest opportunity.

 

Contact: ITSecurity@tcd.ie | Last Updated: October 29, 2010