Don’t take the bait; Avoid email phishing schemes


April 14, 2016

SLIPPERY ROCK, Pa. - An email lands in your inbox asking for personal information and tries to frighten you into opening a link. It may come from an unrecognized sender, or it may appear legit, such as a recent email that circulated on campus from what appeared to be the payroll office.

The email is a fake - a classic spear phishing attempt by a fraudulent user.


John Ziegler, SRU associate provost for information and administrative technology services, said Microsoft and Forefront spam filters block 95 percent of phishing attempts. For the 5 percent that may make it through, Ziegler has one piece of advice for users who want to avoid becoming a victim - don't open anything fishy.

"Beware of links in emails that ask for personal information, even if the email appears to come from an enterprise you do business with," Ziegler said. "Phishing websites often copy the entire look of a legitimate website, making it appear authentic. To be safe, call the legitimate enterprise first to see if it really sent that email to you. Businesses should not request personal information to be sent via email."

Ziegler said SRU receives 385,000 computer messages a week. Because of spam filters, "We block more than the bulk of it," he said.

Phishing is an attempt by a criminal hacker to use a ruse in an email to get people to divulge some type of information and to drive them to a link. Poor security can result in identity theft, monetary theft and legal problems.

According to the FBI's Internet Crime Complaint Center, cybercrime cost Americans an estimated $800,492,073 in 2014. The reported losses are likely much lower than actual Internet crime losses, the FBI noted, because "only an estimated 15 percent of the nation's fraud victims report their crimes to law enforcement."

Ziegler said the number one user-beware tipoff is a request for any personal information, especially financial data. He said to beware of pop-ups and never enter personal information or an email address into a pop-up screen.

"Always look and see where it's actually coming from," he said. "People can actually spoof email addresses and do all kinds of stuff. That's why you have to be diligent in knowing what it looks like. Remember, campus is not going to ask you by email for any type of personal information."

Ziegler said people should only communicate personal information via phone or secure websites. Users should look for a sign that the site is secure, such as a lock icon on the browser's status bar. And, he said, never conduct personal online transactions at work.

"Beware of phone phishing schemes," he said. "Do not divulge personal information over the phone unless you initiated the call. Be cautious of emails that ask you to call a phone number to update your account information."

Another common scheme is an email that appears to come from a friend. This indicates that a person's account has been hacked or compromised. Don't click on the blue link.

"Don't use your SRU email for personal business or input your email address," he said. "People are going to harvest those things."

Another common-sense rule of thumb: "If it sounds too good to be true, it is."

He said people should evaluate emails like incoming phone calls at home. If you don't recognize the caller ID, don't answer the phone.

Ziegler recommended that employees take his office's Security Awareness Program, which provides further prevention tips.

MEDIA CONTACT: Gordon Ovenshine | 724.738.4854 |