Phish-ing (fish’ing) Webster’s Dictionary defines it as the practice of luring unsuspecting Internet users to a fake web site by using authentic-looking email with the real organization's logo, in an attempt to steal passwords, financial or personal information.
UTMB was recently the target of a massive phishing attack. Several thousand computer users received an email stating that their email limit was about to be exceeded, and to continue sending and receiving email they must validate their “quota” by providing their UTMB account name and password.
Be advised, no legitimate organization will ever ask you for your password, if they do, refuse to give it to them. NEVER share computer account information with anyone, especially your password.
To avoid being lured into the trap, below are some tips to protect you from phishing attempts, identity theft and fraud:
- Be suspicious if someone contacts you unexpectedly and asks for your personal information. It’s a warning sign that something is “phishy.” Legitimate companies and agencies don’t operate that way.
- Don’t click on links in emails that ask you to provide personal information. To check whether an email or call is really from the company or agency, contact them directly by phone or online. If you don’t have the telephone number, get it from the phone book, directory assistance, or theInternet. Use a search engine to find the official web site.
If you think you’ve been a victim of a phishing attempt follow these guidelines:
- If you provided the password to your UTMB computer account, change it immediately and contact the information security officer at email@example.com.
- If you provided account numbers, PINs, or passwords to a phisher, notify the companies with which you have those accounts immediately.
- Put a “fraud alert” on your files at the credit reporting bureaus. For information about how to do that and other advice for identity theft victims, contact the Federal Trade Commission’s Identity Theft Clearinghouse toll-free at 1-877-ID-THEFT (438-4338); TTY: 1-866-653-4261.
- Even if you didn’t get hooked, you should immediately report any phishing attempts to the information security officer at firstname.lastname@example.org so that further action can be taken to protect the staff of UTMB.