Copyright - Infocomm Development Authority of Singapore
What is phishing?
Phishing is an attempt to obtain your personal information (user identification (ID), passwords, credit card details, mobile phone numbers, etc.) by masquerading as a request from a source you trust.
Why does it matter to me?
If you are deceived by a phishing attempt and provide your personal information, then:
- Your email can be used as a source of spam and phishing.
- Your account can be used to deceive others into clicking on links to malicious sites or downloading malicious files.
- You can suffer financial losses.
Is there a Policy I need to be aware of?
Per SMU IT Security Policy
Clause 5.7, Account and Password Security
“Users should never respond to emails asking them to provide confidential information (usually by following a hyperlink to a web page with a form, or by filling out a form in the email). IITS will not ask users for their login network accounts or passwords. Users should always check with the IITS Technology Help Centre when in doubt.”
These are two cases that happened within SMU.
- Examine the “From” information. If it is a legitimate SMU email, the address should take the form email_ID@smu.edu.sg.
- Examine the link. Hover your pointer over the link to show the actual link hidden behind the visible one. In this case, the actual link does not tally with the visible link: the visible link is smu.edu/verification but the actual link is renklipasaj.com.
- Look at the email field after “Singapore Management University”. It showed the email address as firstname.lastname@example.org. Our email address should end in “smu.edu.sg”.
- Look at the link http://mailverification.php5.cz. Why would the link on the email be found at a site situated in the Czech Republic and not smu.edu.sg?
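The checks above (sender domain, and visible link versus actual link) can be automated for HTML mail. The Python below is an added example, not part of the original page or any SMU tooling; the function names and the two sample messages are constructed from the cases described above.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = "smu.edu.sg"  # domain the page says legitimate mail and links use

def host_of(text):
    """Return the lowercase hostname of a URL-like string, or None."""
    text = text.strip()
    if "." not in text or " " in text:
        return None  # plain wording such as "Click here", not a URL
    if "://" not in text:
        text = "http://" + text
    return (urlparse(text).hostname or "").lower() or None

def in_domain(host, domain=TRUSTED):
    # Exact match or a true subdomain; "smu.edu.sg.evil.example" must fail.
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_email(from_header, html_body):
    findings = []
    sender = parseaddr(from_header)[1].lower()
    if not in_domain(sender.rpartition("@")[2]):
        findings.append(f"sender not under {TRUSTED}: {sender}")
    parser = LinkCollector()
    parser.feed(html_body)
    for shown, href in parser.links:
        actual, visible = host_of(href), host_of(shown)
        if visible and actual and visible != actual:
            findings.append(f"link shows {visible} but goes to {actual}")
        elif actual and not in_domain(actual):
            findings.append(f"link goes outside {TRUSTED}: {actual}")
    return findings

# Constructed samples modelled on the two cases described on this page.
CASE1 = '<p>Verify: <a href="http://renklipasaj.com">smu.edu/verification</a></p>'
CASE2 = '<a href="http://mailverification.php5.cz">http://mailverification.php5.cz</a>'
```

A clean result only means these two checks passed; it does not prove the message is legitimate.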
- Symantec Guide to Scary Internet Stuff - Phishing
- Phishing Scams - Simply Speaking
- Phishing quiz