Reeling 'em In -- Spear Phishing by Jill Reese

“I’m an important official. Give me your password and name as soon as possible to prove your usage, or your account will be deactivated to reclaim the space on the server.”

“Your recent bank statement is now available. Please log in here to check it.”

“Thank you for your interest in our Mystery Shopping program. Simply fill out this form and we will pay you for your purchases!”

“Thank you for your recent purchase. If you did not order this merchandise, please click here to log in and dispute the charges.”

These are all examples of “spear phishing” con messages sent in e-mail. Spear phishing customizes requests for personal information in many ways, ranging from clumsy misspelled text messages to very sophisticated messages using actual graphics from targeted sites, names of officials, and wording combed from Web pages. If you respond to any of these tactics, even just replying with a “remove me from your list” or an insult to the spammer, potential consequences vary from having your e-mail address sold on marketing lists to having your account hijacked and used to send spam and spear phishing messages. You might also become a victim of identity theft. Once the spammer has your password, there are numerous scams that can be implemented against your good name and credit. It is practically guaranteed that the name and password combination will be tried at many popular online shopping and banking sites.

When you get a phishing message, just delete it. If you respond with your user name or password or if you click links or open attachments in a spear phishing e-mail, pop-up window, or Web site, you could also cause service disruptions on the university e-mail servers. Since April 2008, more than 100 compromised accounts caused 90 days of service disruption when other Internet Service Providers blocked university e-mail servers because the servers were sending out mass mailings of spam.

When debating whether or not to respond to a message, remember this: e-mail is not a secure form of transport. Think of an e-mail message as a postcard with your message written on the back and shipped openly through many sets of hands before reaching its destination. Would you want your password, Social Security Number, or any other important personal information passed along in that manner? No! Then don’t send it. Period.

Tips to protect yourself from spear phishing scams:
DON’T reveal personal or financial information in a response to an e-mail request.
DON’T click links in an e-mail message that requests personal or financial information. Enter the Web address by hand.
DON’T post any information on your blog or social networking site that could be used by identity thieves.
DON’T respond to offers “too good to be true” from an unknown company.
DON’T dispute credit card charges from an e-mail. Call your credit card company instead.

 
High-Tech Products at Low Student Prices!

OIT and the university have negotiated several technology discount programs that students can benefit from:

ACT Program: Buy a new laptop or desktop computer from Apple or Dell and get discounted pricing as well as extended warranty service and on-campus repair. www.act.umd.edu

Terrapin Technology Store: See some of the ACT models in action and buy any of them at the store. The Tech Store is conveniently located in the Stamp Student Union. Also available are Apple accessories like iPods and iTunes gift cards. www.oit.umd.edu/techstore

Software Licensing: Visit the Software Licensing Web site to see all of the software programs (like Adobe Photoshop, Microsoft Word, and more) that are available to Maryland students at low prices. You can even pick up most of them at the Tech Store! www.oit.umd.edu/SLIC

Maryland Cellular Discount Program: Get cellular service and equipment from Sprint/Nextel and AT&T at reduced prices. www.cellular.umd.edu

Shop through these discount programs, and save some cash to spend during Spring Break!


Coming This Spring, a New Enhancement to IT Help


by Fred Morris

There will soon be a new online resource you can use to receive assistance from the OIT Help Desk. Scheduled for release this spring, the IT Service Center will give you a way to request help or service online 24 hours a day. The new system will let you track your help request status online and will keep a history of your requests. The KnowledgeBase, a database of information about common IT tasks, will also be available for you to search for self-help instructions.

You will be able to contact the OIT Help Desk in the usual ways, as well: walk in to room 1400 Computer and Space Sciences or call 301.405.1400 (x51400 on campus). The new online service will be an additional option for getting your help request started, even outside of the Help Desk’s normal operating hours.

Watch the OIT Web page (www.oit.umd.edu) and the Help Desk site (http://helpdesk.umd.edu) for details and release dates.
Office of Information Technology TechKnow is the Information Technology Newsletter for University of Maryland students, published by the Office of Information Technology. Letters to the editor and story suggestions are welcome. Please send correspondence to TechKnow@umd.edu.
© 2009 University of Maryland.