What is Phishing?
"Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity." (Wikipedia)
Spoofed, or fake, emails that appear to come from popular social media sites, IT administrators, banks, governments, or popular email hosting companies will warn of account closures, quota problems, hacked accounts or other such problems that require immediate attention; they may contain links to unbelievable videos or information on current world events and celebrities. Often the email itself, or the fake website linked in the email, will be an exact replica of the real thing. Many phishing emails will contain malicious attachments which will infect your system.
You have probably seen some kinds of phishing emails already. For example, you may have received an email asking you to verify your account information for your Bank of America account, or PayPal account, when in fact you don't have an account with either of them. Another common phishing email warns that your account is over quota and if you do not reply to the email with your userid and password your account will be closed.
The University of Manitoba will never ask you to confirm or divulge your password(s) or PIN(s).
How to Avoid Phishing Scams
- Be suspicious
Phishers will often use convincing or urgent statements to get you to react immediately. They will often try to trick you with requests to verify your account information. Don't give out what they should already have!
If you are unsure as to the legitimacy of the email, contact the organization directly or visit its website in the way you normally would.
- Avoid using links in e-mails
Phishers will often use convincing links, which may look similar to the real ones. Avoid using links that arrive in email. It's always best to go directly to the organization's website in the way you normally would, especially if the email is suspicious.
- Keep your computer secure
Email is not the only way you could get phished. To keep things simple, be sure you have an up-to-date antivirus application and make a habit of running anti-spyware checks periodically.
- Use a current version of a popular browser
The most current versions of the top three browsers (Internet Explorer, Firefox, and Chrome) have built-in security mechanisms to help give you some protection against phishing websites. Though you may not want to rely solely on this, it adds some peace of mind. Read more about each browser's security features:
Firefox - Phishing and Malware Protection
Internet Explorer - SmartScreen Filter FAQ
Chrome - Phishing and Malware Protection
- Add an anti-phishing signature to your email
Protect those you correspond with over email by letting them know you will never ask them to disclose their personal information.
NOTE: The University of Manitoba will NEVER send unsolicited requests for passwords or other personal information via email.
Messages requesting such information are fraudulent and should be deleted.
Scams, Myths and Hoaxes
There have been many real computer viruses and virus warnings. But there are many more hoax warnings, some about computer viruses, some not, that have also wasted a lot of computer and human resources.
An example of a non-virus hoax that was e-mailed to many UofM staff purportedly warned of abductions from a local shopping mall, complete with details. This latter type of hoax is categorized as "Urban Legend" or "Urban Myth". Almost an exact duplicate, with a local shopping mall name substituted, was circulating in North America at the same time.
Unfortunately, a major cost of these warnings is the warning itself - because many users feel obliged to pass it on to friends in exploding chain-mail fashion, creating huge burdens on local and faraway networks and mail servers.
The next time you receive an E-mail warning of this nature, PLEASE do *not* pass it along to your friends and colleagues - it is likely to be a hoax if it urges you to do just that.
Here are 3 things you should do now to get prepared.
- Check that your anti-virus software is active and up to date. For on-campus users, see your IT support person for assistance. For home users, see our Anti-Virus page for assistance.
- Bookmark trusted websites that catalogue viruses, virus hoaxes, and urban myths. You can type in a key phrase or heading from any warning you receive into the search field of these sites and see if they come up with a matching description. Then you'll know whether you're dealing with a real problem or a hoax.
Kaspersky's Securelist - http://www.securelist.com/en/descriptions
Symantec's AV Center - www.symantec.com/avcenter
Virus Hoaxes and Urban Myths:
Blog on Virus Myths - http://www.vmyths.com/
Snopes - http://www.snopes.com/computer/virus/virus.asp
- Learn how to turn on and off the "full header display" of your email messages. If you do receive an email with a suspect attachment, phishing message, or suspect claim, you will then be able to turn on full headers and forward the message to security personnel with the complete message tracing information intact. Please don't delete the message until you are sure it has been forwarded with full header information displayed. Never just click on email attachments you were not expecting.
When you get your next warning, check your bookmarked anti-pest sites first or do a search on a sentence or two from the email. If you don't succeed in finding a matching description on these websites or you are still concerned, pass the message on to only one or two key people, namely, your local computer support person, and/or the IST Security Coordinator.
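The "message tracing information" that full headers preserve, shown as an added example that is not part of the original page: it reads a raw message, lists the Received hops from oldest to newest, and flags Reply-To or Return-Path domains that differ from the visible From address. The sample message, its addresses and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample with full headers (reserved example domains, documentation IPs).
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.edu (mx.example.edu [192.0.2.10])
    by inbox.example.edu with ESMTP id A1; Mon, 1 Jan 2024 10:00:05 -0600
Received: from mailer.example.net (unknown [198.51.100.23])
    by mx.example.edu with ESMTP id B2; Mon, 1 Jan 2024 10:00:02 -0600
From: "IT Help Desk" <helpdesk@example.edu>
Reply-To: account-verify@example.org
To: user@example.edu
Subject: Your account is over quota

Reply with your userid and password.
"""

HOP = re.compile(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\].*?by\s+(\S+)", re.S)

def received_path(msg):
    """(sending host, sending IP, receiving host) per hop, oldest hop first."""
    # Each server prepends its own Received line, so the list is reversed.
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            hops.append(m.groups())
    return hops

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def sender_mismatches(msg):
    """Headers whose domain differs from the From: domain (a signal, not proof)."""
    shown = domain_of(msg["From"])
    found = []
    for name in ("Reply-To", "Return-Path"):
        d = domain_of(msg[name])
        if d and d != shown:
            found.append((name, d))
    return found

def summarize(raw):
    msg = message_from_string(raw)
    return {"path": received_path(msg), "mismatches": sender_mismatches(msg)}
```

None of these fields survive when a message is forwarded without full headers, which is why the original should be kept until it has been forwarded with them displayed.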
Filtering Junk Mail in Outlook