
Phishing (pronounced "fishing") is a form of identity theft that attempts to trick people into revealing personal or financial information online. Phishers use phony Web sites or e-mail messages that appear to be from trusted businesses and brands in order to steal personal information such as usernames, passwords, credit card numbers or Social Security numbers.
The messages can be hard to recognize as fake, because they appear to come from known sources. The more familiar a message looks, the more susceptible people may be to performing actions suggested in the message.
Recent phishing messages received at Johns Hopkins claim to originate from a "JHU Support Team" or "Webmaster" or from another source inside Johns Hopkins. The subject lines say, "Verify your JHMI EDU account" or "Confirm Your Account" and include a request to respond with information such as username, password and date of birth.
Do NOT respond to e-mail messages that ask you to provide or verify your personal information. Do NOT follow any directions contained in such messages.
From: awarenesstraining@mail.com
Cc: securitytraining@jhu.edu
Sent: Tue, Jan 4, 2011 9:47 pm
Subject: Annual Security Awareness Breifing
In order to comply with the requirement for quarterly security briefings, please read through the following link and familiarize yourself with its content. Upon completion of the briefing please complete the accompanying form confirming that you have done so. Please do so within the next ten business days.
The site has a number of links guiding you to additional security information. It would be a good idea to bookmark this address to keep it handy for future reference.
Best Regards,
Security Training Group
Johns Hopkins University
From: plees2@cogeco.ca [plees2@cogeco.ca] On Behalf of Mail Administrator [mail.arn043@gmail.com]
Sent: Sunday, October 24, 2010 9:01 AM
Subject: Johns Hopkins Enterprise Messaging
The Johns Hopkins Enterprise wish to inform you that our Account Review Team identified some unusual activity in your Jhmi Webmail Account. Do send us your current login credentials to keep your account active.
LoginID(LID):
Password:
Johns Hopkins Enterprise
Online Webmaster Department
Malicious users send links inside e-mail messages with the true destination hidden, either behind a URL shortener or behind hyperlink text that reads differently from the address it actually points to. Below you will find several of the most commonly used URL shorteners:
http://tinyurl.com
http://goo.gl
http://bit.ly
http://doiop.com
Using a URL shortener or misleading hyperlink text, the malicious user can mask the true destination of the link. Let's look at an example of this:
Before: http://www.badguy.com/steal_your_information/
After (URL Shortener): http://tinyurl.com/5v798y3
After (URL Shortener 2): http://tinyurl.com/goodurl
After (Hyperlink): http://www.goodguy.com/keep_your_information_safe/
How can we protect ourselves from these simple, yet effective, attacks? For the first example, the URL shorteners, we can use a "link unwrapper" to remove the URL-obfuscation. Below you will find a link that will help you with this:
Protecting yourself from the second example requires even less work than the first. If you hover your mouse over the link without clicking, its true destination is revealed in the bottom left-hand corner of your screen. Try it!
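The two checks described above (is the link a shortener, and does the visible link text point somewhere other than the real address?) can also be automated when scanning an HTML message. The following is an added example written for this page, not a Johns Hopkins tool; the shortener list is the one given above, and the sample message body is constructed from the page's own example URLs.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Shortener domains listed on the page; a real mail filter keeps a longer list.
SHORTENER_DOMAINS = {"tinyurl.com", "goo.gl", "bit.ly", "doiop.com"}

def host_of(url):
    """Lowercase hostname of a URL (scheme optional), or None if it has none."""
    host = urlparse(url if "://" in url else "http://" + url).hostname
    return host.lower() if host else None

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML fragment."""
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html):
    """Return (href, reason) for each anchor that hides or misrepresents its target."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.anchors:
        target = host_of(href)
        if target is None:
            continue
        if target in SHORTENER_DOMAINS:
            findings.append((href, "shortened URL hides the real destination"))
        # Visible text that itself looks like a URL must point at the same host.
        elif text.startswith(("http://", "https://", "www.")) and host_of(text) != target:
            findings.append((href, f"text shows {host_of(text)} but link goes to {target}"))
    return findings

# Constructed sample body reusing the page's example URLs (not a real message).
SAMPLE_EMAIL = """
<p>Please <a href="http://tinyurl.com/goodurl">confirm your account</a>.</p>
<p>Or go to <a href="http://www.badguy.com/steal_your_information/">http://www.goodguy.com/keep_your_information_safe/</a></p>
<p>Help: <a href="http://www.goodguy.com/help">http://www.goodguy.com/help</a></p>
"""
```

Running check_links(SAMPLE_EMAIL) flags the first two anchors (shortener, and goodguy text pointing at badguy) and passes the third, whose text and address agree.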
Financial institutions and other legitimate businesses -- including Johns Hopkins -- generally will not send e-mail messages requesting that type of information. Furthermore, legitimate internal Johns Hopkins messages about access to IT resources should provide contact information for you to use to get in touch with someone if you have questions. They would also have specific information regarding access. Information technology departments within Johns Hopkins would provide as much notice as possible about outages or changes to your account.
It is very important to avoid clicking links within e-mail messages whenever you can. Instead, type the URL in by hand to ensure that you are visiting the site you intend to visit. If the message appears to come from a colleague and you are unsure of its validity, contact the sender directly and verify it.
Suspected phishing can be reported to abuse@jhu.edu or you can simply delete the message from your mailbox.
Anti-Phishing Working Group: www.antiphishing.org/
Federal Trade Commission: http://www.ftc.gov/bcp/