Phishing is the use of email and fraudulent web sites to trick people into disclosing personal financial or identity information, such as credit card or Social Security numbers, Usernames, Passwords and addresses. Although most "phishes" come as email, phishing scams can also come in the form of text messages and phone calls.
An email message may look harmless. Posing as your credit card company, your bank or even Plymouth State University, it alerts you to a problem with your account and urges you to respond immediately by clicking a web link and "verifying" or "updating" your account information. The email and the web site may appear official, with all the familiar logos and corporate phrases. But they're bait, presented to fool you into divulging your personal and financial information.
Identity thieves send out billions of phish messages every month, according to media reports. The Anti-Phishing Working Group estimates that 5% of those who receive a phish message actually respond. Financial losses are difficult to measure, largely because victims are unable to attribute unauthorized charges to phish messages.
Spam filters provide some defense against phishers by intercepting their messages, but the target is elusive. The best defense is the individual user. Because things aren't always what they seem to be, you should be skeptical about emails.
What is personal identity information?
Any piece of information which can potentially be used to uniquely identify, contact or locate a single person or can be used with other sources to uniquely identify a single individual is considered personal identity information. In includes, but is not limited to, Social Security, driver’s license and financial account numbers. It can also include Usernames and Passwords, PIN numbers, street and email addresses, telephone numbers or biometric data (e.g., fingerprints, DNA).
Is it okay to give out personal identity information to the University via email?
No, Never! Because it can be very difficult to identify counterfeit emails, it is important to remember that Plymouth State University won’t ever ask you to disclose personal identity information via email. Scammers will sometimes pose as "the University email service" or "the campus tech support service." Don’t be fooled! If you are asked to disclose your Social Security Number, account information, Username and Password, or other identity information, don’t do it.
When in doubt, contact the Help Desk at (603) 535-2929 to ask for advice, or email the Help Desk at email@example.com.
What happens if I do respond to a phishing attempt?
ITS and the campus email admins may monitor network logs to identify incoming emails that are suspicious in nature. As part of their diagnostic tools, they have the ability to determine which IP addresses have responded to a suspected phishing request.
If the University logs any response by you to a known phishing address, you will have your credentials (Username and Password) disabled and will not be able to access network resources until you have re-established your University identity credentials. This may include reviewing this brochure, watching a short educational video and/or discussing the situation with a campus IT representative.
Is getting access to my Username and Password really that unsafe?
Yes, Very!. Someone with your Username and Password now has access your personal information in the MyPlymouth portal, including your payroll statements, financial aid records, grades, home address and more. With a Username someone can steal your identity, change your course schedule, alter your research, and gain access to other applications within your department or even data on your computer.
If you are an employee of the University, your Username and Password may give you access to additional data, beyond just your own. When you share or inadvertently give away your University identity credentials, you place the University at extreme risk for data loss.
Are there any instances in which Plymouth State University will ask me for personal identity information by email?
Neither the Help Desk nor any member of Information Technology Services (ITS) will ever ask you to reveal your Username or password, or other restricted data, through email, phone, text or other means. You may be asked to change or strengthen a password, but you will never be asked to disclose it outright.
Scam tactics are increasingly sophisticated and change rapidly. Even if a request looks genuine, be skeptical and look for these warning flags:
Dos and Don'ts
To Report Phishing or Spam
To report emails that appear to be spam, forward the email headers to firstname.lastname@example.org. Instructions for forwarding email headers can be found in the Help Desk Wiki, under the email section
If you are ever unsure whether an email message is legitimate, DO NOT RESPOND to it! Instead, contact the ITS Help Desk (603) 535-2929 and ask for advice.