News

• Current News
• Campus IT Memos
• IT News Archive
• HSC-ITS IT Update
• IT Calendar
• Cool Stuff
• Leadership Home
• OIT Home

Beware of Internet Phishing Scams

Date: August 17, 2005
To: University of Utah Faculty, Staff, and Students
From: Stephen H. Hess, Associate Academic Vice President for Information Technology
Subject: Beware of Internet "Phishing" Scams

"Phishing" is a word that describes a type of identity theft by which scammers use fake Web sites and e-mails to fish for valuable personal information from individuals. The FBI is calling "phishing" the "hottest and most troubling new scam on the Internet."

In typical phishing scams, you may receive an e-mail that appears to come from a company, financial institution, or government agency telling you that you need to "verify" or "re-submit" confidential information such as
your bank account number, credit card account numbers, Social Security Numbers, passwords and personal identification numbers (PINs). The phishers provide a return e-mail address, a link, or a pop-up message,
which may be very convincing, and may look very much like a company's real web site.

A very recent example, of particular concern to the University, is one in which the phishers are impersonating the University of Utah Credit Union, asking for you to confirm your account number and password. DO NOT
respond to any e-mail that asks you to provide this type of information - from ANY company, financial institution, or government agency, including the University of Utah. If in doubt, call the institution or company using a valid phone number from the phone book, not from the phishing e-mail or website.

The University's Institutional Security Office takes steps to block phishing web sites, but you should never assume that all phishers are blocked.

Phishers may also call you on the telephone, trying to convince you that they represent a bank or other institution or company. DO NOT give your private information to anyone who calls you on the phone. These callers can be very convincing and persuasive. They have been known to threaten to shut down your account, or use other strong arm tactics to convince you to give them your personal information. Simply refuse and hang up the phone. You may want to notify the impersonated company or institution of such attempts.

Please protect yourselves from "phishing" expeditions. You may wish to share this information with family and friends.

------------------------------------------------------------
Distribution of this message was approved by Stephen Hess, Associate
Academic Vice President for Information Technology, University of Utah
Phone (801) 581-3100, 101 Wasatch Drive, Eccles Broadcast Center,
Salt Lake City, UT 84112