Phishing: Don't Take the Bait
An email from “UNH webmaster” sent recently to UNH employees boasts an eUNH graphic that makes the email look pretty legitimate. The message says UNH is migrating its email system and promises additional inbox storage, more secure Outlook Web access, mobile device support and an integrated email and diary. All you have to do is “click here” to complete the process.
Don’t do it. It’s a scam, the latest phishing ploy by hackers trying to get your personal information (usernames, passwords, social security numbers). The first hint is that “webmaster” is misspelled. Spelling errors are common in bogus emails. But the key thing to remember is that UNH IT would never ask for that kind of data in an email.
Another phishing effort being circulated to employees warns your email account is about to be suspended and again says to click on a link to prevent that from happening. It offers a second means of keeping the account active by clicking on “the secure link below” which, of course, is not secure at all. It is merely an attempt to lure you to the hacker’s website to get you to provide personal information. Don’t be fooled by the fact that “2012 University of New Hampshire” appears at the bottom of the message.
The term phishing is a take on actual fishing, where you bait a hook and wait to see if you get a bite. In 2007, more than 3.5 million people lost $3 billion to phishing. Many unsolicited emails appear to be from legitimate companies—banks, government agencies, even the FBI.
If you receive an email claiming to be from UNH but you’re not sure if it’s real, call UNH IT (2-4242). Remember: UNH will never ask for personal or identifying information via e-mail or on the phone. It’s a good bet your bank or credit card company won’t either. So, if you get an emailing alleging it is from an organization you do business with asking for personal date, call them directly to confirm they contacted you.
For more information visit http://unh.edu/helpdesk/phishing/unh-phishing.html.