What is phishing (pronounced "fishing")?

From Wikipedia: phishing is "the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication."
http://en.wikipedia.org/wiki/Phishing

Phishing is usually implemented via email or instant messaging but any electronic messaging system may be used, e.g. Twitter. Phishing emails are usually spammed (sent via bulk, unsolicited email) or could be targeted to a specific organization or group. After obtaining usernames and passwords, cyber criminals could impersonate the owner of the compromised account, steal confidential information, send more spam, and commit other criminal activities.

If you receive phishing email (which may look authentic and legitimate) requesting sensitive information (e.g. usernames, passwords, email addresses, bank account numbers, date of birth, etc.):

• DO NOT REPLY to the email. Replying (even to tell the spammer to stop) tells the spammer that your email address is valid.
• DO NOT PROVIDE any sensitive information, especially if the email is unsolicited or from an unknown user.
• DO NOT CLICK on any links/images/attachments contained in the phishing email. Malware may be downloaded and installed on your computer.

After a targeted phishing email is reported, Information Technology Services (ITS) may choose to implement protective measures such as:

• investigating new phishing attempts
• blocking the email address from sending to UH
• blocking the reply email address from receiving from UH
• contacting users who replied to the phishing email before it was reported and blocked
• blocking access to suspicious websites that are linked within the phishing email
• posting new phishing email on the Security Alerts website at http://www.hawaii.edu/its

Please go to http://www.hawaii.edu/its under the Security Alerts section to check for the latest phishing attacks targeting UH usernames.

If you would like to receive phishing notices by email, go to http://www.hawaii.edu/its/notices/index.php and subscribe to our phishing-alert email list.

General guidelines for reporting spam/phishing

• Google@UH users --> you can report spam or phishing emails directly to Google
  • To report phishing attempts to Google, follow the instructions at:
    http://mail.google.com/support/bin/answer.py?answer=184963
  • To report spam to Google, follow the instructions at:
    http://support.google.com/mail/bin/answer.py?hl=en&answer=190737
• Targeting UH usernames --> send to phishing@hawaii.edu with full mail headers
  •   See http://www.hawaii.edu/askus/895 for displaying full mail headers.
  •   See http://www.hawaii.edu/askus/898 for reporting a new/suspicious email targeting UH usernames.
• Spam/phishing sent from a hawaii.edu address --> send to abuse@hawaii.edu with full mail headers
• General spam --> delete; do not need to report; can block sender's email or entire domain from your account using filters. http://support.google.com/mail/bin/answer.py?hl=en&answer=8151

More information

What is ITS doing about spam?
http://www.hawaii.edu/askus/566

What can I do about spam?
http://www.hawaii.edu/askus/565

Spam at the University of Hawaii
http://www.hawaii.edu/askus/571

Security (or lack of it) on the Internet (Spam and Phishing)
http://www.hawaii.edu/askus/687

• Contact ITS