Spring 2009

Reeling Them In -- Spear Phishing

by Jill Reese

Tips to protect yourself from spear phishing scams:

• DON’T reveal personal or financial information in a response to an e-mail request.

• DON’T click links in an e-mail message that requests personal or financial information. Enter the Web address by hand.

• DON’T respond to offers “too good to be true” from an unknown company.

• DON’T dispute credit card charges from an e-mail. Call your credit card company instead.

• DON’T post any information on your blog or social networking site that could be used by identity thieves.

“I’m an important official. Give me your password and name as soon as possible to prove your usage, or your account will be deactivated to reclaim the space on the server.”

“Your recent bank statement is now available. Please log in here to check it.”

“Thank you for your interest in our Mystery Shopping program. Simply fill out this form and we will pay you for your purchases!”

“Thank you for your recent purchase. If you did not order this merchandise, please click here to log in and dispute the charges.”

These are all examples of “spear phishing” con messages sent by e-mail. Spear phishing customizes requests for personal information in many ways, ranging from clumsy, misspelled text messages to very sophisticated messages that use actual graphics from the targeted sites, names of real officials, and wording combed from Web pages. If you respond to any of these tactics, even just by replying with a “remove me from your list” request or an insult to the spammer, the potential consequences range from having your e-mail address sold on marketing lists to having your account hijacked and used to send spam and spear phishing messages. You might also become a victim of identity theft. Once the spammer has your password, there are numerous scams that can be run against your good name and credit. It is practically guaranteed that the name and password combination will be tried at many popular online shopping and banking sites.

When you get a phishing message, just delete it. If you respond with your user name or password or if you click links or open attachments in a spear phishing e-mail, pop-up window, or Web site, you could also cause service disruptions on the university e-mail servers. Since April 2008, more than 100 compromised accounts caused 90 days of service disruption when other Internet Service Providers blocked university e-mail servers because the servers were sending out mass mailings of spam.

When debating whether or not to respond to a message, remember this: e-mail is not a secure form of transport. Think of an e-mail message as a postcard with your message written on the back and shipped openly through many sets of hands before reaching its destination. Would you want your password, Social Security Number, or any other important personal information passed along in that manner? No! Then don’t send it. Period.

The University of Maryland
Office of Information Technology

ITforUM is the Information Technology Newsletter for the University of Maryland, published by the Office of Information Technology. Letters to the editor and article suggestions are welcome. Please send correspondence to ITforUM@umd.edu.

© 2009 University of Maryland.