Frequently Asked Questions about Phishing (FAQ)
- What is phishing?
- Is there any easy way to identify fraudulent email?
- What kind of information should I protect?
- Is phishing done only through email?
- How do I avoid becoming a victim of a phishing scam?
- I received an email telling me my account is going to be disabled. Is it legitimate?
- Where can I find more information about phishing?
What is phishing?
Phishing schemes are attempts to steal personal information through fraudulent email that looks legitimate. These email messages often provide links to fraudulent websites where you are asked to disclose credit card numbers, social security numbers, or other private information.
Phishing attempts often direct users to websites that have been "pharmed." Pharming occurs when hackers attack DNS servers and change the IP addresses that website names resolve to, redirecting users from a legitimate website to a compromised version of the original site.
Although phishing is often easily recognizable due to poor grammar or bogus Reply-to addresses, some phishing attempts are relatively sophisticated. Always use caution when replying to unsolicited email.
Is there any easy way to identify fraudulent email?
Phishing email may include requests for the following:
- Sensitive personal information. Legitimate institutions will not request this kind of information through email.
- Lost personal information. Legitimate institutions keep back-up copies of data, so it is extremely unlikely that they would lose your information.
- Money in exchange for your safety. Ignore these threats, unless there are signs that the threat is personal, in which case you should immediately notify the police.
- Urgent action due to account changes that need your immediate attention. Be suspicious. Contact the business directly.
Also, many phishing email scams will address you as Sir or Madam, or as Account Holder, rather than by your name.
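The warning signs above (a bogus Reply-to address, a generic greeting, a request for sensitive information, and urgent account action) can also be checked automatically, for example in a mail filter. The Python code below is an added example, not part of the original FAQ; the word lists, function names, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Illustrative word lists (assumptions), based on the warning signs in this FAQ.
GREETING = re.compile(r"^\s*(?:dear\s+)?(?:sir or madam|sir|madam|account holder)\b", re.I | re.M)
SENSITIVE = re.compile(r"\b(password|social security number|credit card number|pin|access code)\b", re.I)
URGENT = re.compile(r"\b(urgent|immediately|will be (?:disabled|suspended|closed))\b", re.I)

def domain(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def phishing_indicators(raw_message):
    """List the warning signs found in one RFC 5322 message (indicators, not a verdict)."""
    msg = message_from_string(raw_message)
    body = "\n".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if part.get_content_type() == "text/plain"
    )
    text = msg.get("Subject", "") + "\n" + body
    found = []
    reply_dom = domain(msg["Reply-To"])
    # Replies routed to a different domain than the visible sender.
    if reply_dom and reply_dom != domain(msg["From"]):
        found.append("reply-to-mismatch")
    if GREETING.search(body):
        found.append("generic-greeting")
    if SENSITIVE.search(text):
        found.append("asks-for-sensitive-info")
    if URGENT.search(text):
        found.append("urgent-account-action")
    return found

# Constructed sample messages (not real mail).
PHISH = """From: IT Help Desk <helpdesk@university.example>
Reply-To: verify@mailbox.example
Subject: Urgent: account changes need your attention

Dear Account Holder,

Your account will be disabled unless you reply immediately with your password.
"""
BENIGN = """From: Alex <alex@university.example>
Subject: Lunch Thursday?

Hi Sam, are you free for lunch on Thursday?
"""

if __name__ == "__main__":
    print(phishing_indicators(PHISH))
    print(phishing_indicators(BENIGN))
```

A legitimate sender can trip a single indicator (some services set Reply-to to a different domain), so treat the output as a reason to look closer rather than a final decision.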
What kind of information should I protect?
You should protect all data related to your identity:
- Social Security number
- Driver's license number
- USC ID number
- Account, credit card, and debit card numbers
- Mother's maiden name
- Passwords, access codes and PINs
- Pet's name and name of first school (often used for forgotten password resets)
- Date of birth
Is phishing done only through email?
No, identity thieves also use phone calls, instant messaging, social media sites, and malware programs that people get tricked into installing on their computers. Malware can monitor a computer keyboard, recording such information as passwords or credit card numbers, and then relay such data to identity thieves.
How do I avoid becoming a victim of a phishing scam?
- If you get an email, instant message, or phone call in which you are asked for financial or personal information, do not reply or click links within the message.
- Never provide sensitive personal or financial information through email. No legitimate business will ask for this kind of information through email.
- Do not click links in potentially fraudulent email. A link that looks like it points to a valid website could be forged or cause your computer to download malware.
- Use caution when opening email attachments, even if they appear to be from someone you know. Scan the file using your antivirus program before opening it.
- Always open a new browser window and type a website's address in the URL field. Do not cut and paste the website address.
- Always try to talk to a real person if you are in doubt about the status of an account. Call a published telephone number and speak to a real person.
- Check your credit card and other financial statements regularly for unauthorized charges.
- Keep your computer's security updated. Using the most recent versions of software can help protect you against phishing. See the Security Overview page.
- Install and use a firewall program.
- Install and use antivirus software.
I received an email telling me my account is going to be disabled. Is it legitimate?
You should be aware that illegitimate email messages are sometimes sent to USC account holders with variations of the Subject line: Re-Activate Your Account. At first glance, these messages may appear to be USC email. However, the messages urge recipients to reply by email and include their USC password and other personal information. Always remember that neither USC nor ITS will ever request that you submit personal information, including any passwords, over email.
For a list of phishing emails recently sent to USC account holders, please see our Phishing Email Warning page.
For other questions, please contact the Customer Support Center at 213-740-5555 or send an email to firstname.lastname@example.org.
March 22, 2012