Avoid Getting Reeled in by Phishing E-mails

Phishing. You've more than likely seen the term. It has been in use for a few years now and basically means that someone is trying to trick you into revealing sensitive information by pretending to be a source you trust. This can happen in a variety of ways, but it typically starts with an e-mail message. The message directs you to either reply with the requested information or perhaps directs you to a Web site that collects it. The message you receive might appear to come from a source you trust, such as NUIT or your bank, but in fact, it did not. If you take the bait, you are caught, and thus you have been phished.

Why would somebody do this? "Click this link so I can empty your bank account" is unlikely to get a lot of takers; however, "click this link for a chance to win one million dollars" might. Then the scammers take it a step further. They need some information about you, just in case you win, so they ask for your name and bank account number. Then, they quickly transfer your money to their offshore bank account. Not the outcome you were expecting, right? This type of crime is on the rise and the financial losses alone amount to tens of millions of dollars.

What is sensitive information?

There is not a clear definition of sensitive information; however, you should always consider items like your Social Security Number (SSN), credit card numbers, NetID password, bank account information, and even medical data to be sensitive. The bottom line is you need to recognize what information you consider sensitive, and then take steps to protect that information.

Before you supply any sensitive information online, ask yourself why it is needed and how do you know it is safe to give away the data. If you are not 100 percent certain that you know the answer to those questions, then do not supply the information.

Over the past few months, Northwestern University and other universities nationwide have been targeted with malicious phishing e-mails that attempt to gather personal and sensitive information. Northwestern University Information Technology (NUIT) has created a new Phishing E-mail Web page where you can learn about phishing and view actual phishing e-mails that have been received by the University community.

Remember, Northwestern University will never ask you to reveal you personally identifiable information, including your NetID password.

Be a skeptic and defend yourself

Are you able to tell the difference between a safe e-mail and a phishing e-mail? Phishing scammers want to gain your trust so you will give them the personal information they request, such as your NetID or NetID password.  Providing scammers with this information places the University and you at risk. 

The best defense against these phishing scammers is to be an educated user. Visit NUIT's Phishing E-mail Web page to:

• See examples of actual phishing e-mails sent to the University community
• Follow best practices when receiving a suspicious e-mail
• Learn how to report phishing e-mails

Who to Contact?

If you are unsure about the legitimacy of an e-mail, immediately send an e-mail to consultant@northwestern.edu before you follow any of its instructions.

If you believe you have responded to a phishing e-mail, you must change your NetID password immediately and call the NUIT Support Center at 847-491-HELP (4357) to report the bogus e-mail and to receive further instructions, if necessary.

Services | Get Connected | Support | Educational Resources | About NUIT
Students | Staff/Faculty | Visitors/Media | Site Map | Online Directory
Northwestern Home | Information Technology | eCommunicator | Calendar: Plan-It Purple | Search
Information Technology  1800 Sherman Avenue Evanston, Illinois 60201 
E-mail: it-feedback@northwestern.edu
World Wide Web Disclaimer and University Policy Statements © 2008 Northwestern University