Like any type of fraud, phishing can be extremely damaging and has already claimed victims on campus. Use these pages to find out more about phishing: what it is and what risks it poses. Don't get hooked! Learn how to protect yourself against phishing scams and identity theft.
What is Phishing?
Phishing refers to different types of online scams that ‘phish’ for your personal and financial information (e.g., your passwords, Social Security Number, bank account information, credit card numbers, or other personal information).
These messages claim to come from a legitimate source: a well-known software company, online payment service, bank, or other reputable institution. Some will use an organization's email address, logo, and other trademarks to fake authenticity. See below for details on phishing attacks at UMass Amherst.
The message or phone call usually asks you to provide, update, or verify your password or account, make a payment, or consider a necessary purchase. More recent scams involve fake anti-virus software or malware protection software (e.g., Banker.BOT).
In addition to email, Internet fraudsters use pop-up windows, text messages, and even phone calls to trick you into giving away your personal information.
Signs of phishing include:
- Ultimatum: An urgent warning attempts to intimidate you into responding without thinking. Example: ‘Warning! You will lose your email permanently unless you respond within 7 days’.
- Impersonal greeting: Some phishing messages use a general salutation (‘Dear University Email Owner’) or an incorrect version of your name, but more sophisticated scams will even spell your name correctly.
- Spelling, punctuation, or grammar errors: Most messages will include some mistakes. Example: ‘Email owner that refuses to update his or her Email, within Seven days’.
- No signature or contact information: Additional contact information is not provided.
For more information, see OnGuard Online Topics: Phishing.
Don’t be fooled! These are fraudulent communications that in most cases have nothing to do with the institution they claim to be affiliated with. Opening or replying to these emails, or clicking the links they contain, poses a serious security risk to you and the campus network.
Some of the risks involved are:
- Identity Theft: Once you provide your personal information in response to a phishing attempt, this information can be used to access your financial accounts, make purchases, or secure loans in your name.
- Virus Infections: Some fraudulent emails include links or attachments that, once clicked, download malicious software to your computer. Others may also install keystroke loggers that record your computer activity.
Phishing Attacks at UMass Amherst
Members of the University community may have received more targeted phishing emails, asking specifically for their OIT Account NetID and/or password. These fraudulent emails claim to be official University communications (or otherwise originate from a legitimate office on campus). Most will ask you to ‘immediately update’ your personal information or face serious consequences.
Don’t be fooled! These emails do not come from OIT/UMass Amherst. They are fraudulent messages attempting to compromise your personal information.
OIT will never ask for your OIT Account password or other sensitive information via email.
Note: UMail spam filters will intercept some fraudulent emails, but they are not foolproof. It is critical that you learn to identify phishing scams and take the appropriate steps to protect your computer and your information.
By responding to these emails with your OIT Account information, you provide access to your email and possibly grades, financial information, and other sensitive details from your University records.