The University of Tennessee

IT Security Awareness Training

Topic 7: Phishing

"Phishing" is the act of sending an email pretending to be from an online store (Amazon, eBay), a financial institution (Chase, SunTrust), or an Internet service provider (ISP) with the intention of gaining personal information from the recipient. The email usually claims that you need to go to a link provided in the email to update your account information. Phishers use this technique to obtain personal information such as credit card numbers, bank PINs, and Social Security numbers. Like traditional fishing, it relies on a computer user taking the bait.

Reputable banks, financial institutions, and ISPs will never send an email to notify you that your personal information needs to be updated via the Web. If you receive an email from an institution you regularly do business with claiming that you must do this, go directly to the institution's web site using your regular browser process (do not click on any links provided in the email). You can also call them and ask if this is a legitimate request. Try never to expose your personal information in any form on the Internet unless you know that the site is encrypted and is legitimate. Even if a link in an email looks legitimate, don't click on it. Be aware that there are several ways to "spoof" a Web address, some of which can fool even an experienced surfer.

Phishing activity has also morphed into another form called "pharming". While phishing is generally directed at a single user, pharming attempts to redirect as many users as possible away from a legitimate web site to a web site that looks just like the authentic site but with one important difference: this illegal web site is designed to steal all of the user's personal information. This information is then exploited by the thief in various ways, including selling the information to other thieves. Be very careful of web links provided in emails.

Another protection against phishing emails is a good anti-virus software package that includes anti-phishing protection. Some email engines have built-in protection. This protection is not foolproof, but it does provide an excellent layer of defense for you and your computer.

Interested in Exploring More?

Here are some sites you can use to look for more information:
FTC article on Phishing
FTC tips on avoiding Phishing scams
Microsoft video about Phishing
Anti-Phishing Working Group
Phishing with phones
Phishers using DNS servers to lure victims
Getting the Pharmers out of the fields
Pharming Out-Scams Phishing
Pharming: identity theft made even easier


IT Security Awareness Training Topics
Virus Protection
Passwords
Storing Sensitive Data
Spyware
Email Hoaxes
Desktop Security
Phishing
Firewalls
File Sharing

If you need any assistance, email aware@itc.utk.edu for help.