Spoofing and phishing...be aware of spamming scams

March 4, 2008

Spoofing

Ever wondered how an email that you never sent turns up in your email inbox—and probably others' inboxes too?

You could be a victim of a spamming technique called "spoofing" where a spammer randomly chooses a name and makes it look as though it was sent by the person whose name is in "From" line. The technique is currently being used to send out hateful speech and misinformation during the U.S. presidential election season but has been used for a variety of negative purposes in the past, including the transmittal of computer viruses. NOTE: If you reply to a spoofed email, your reply will go to the spammer, not to the email address noted in the "From" line.

The Miami University Knowledge Base has a number of cases that can help you combat spam. Read IT Services plans and recommendations for managing spam email.

Phishing

Phishing is a kind of webpage spoofing where a legitimate, usually finance-related web page, such as a bank or Pay Pal, is reproduced to reflect the look and feel of the real thing. Usually the purpose of the fake website is to harvest personal information such as login IDs, passwords, and credit card or social security numbers. In short, phishing is a kind of identity theft.

There are a few ways to tell if an email message is fraudulent:

• The business asks you to "verify your account."
• The business threatens to close your account within a set short period of time, e.g., 24 or 48 hours.
• The business uses a generic name for you, e.g., "valued customer" instead of your name.
• The business tells you to access your account from a link within the email. (If you want to access your account, it's always the best practice to open up a new window or tab in your browser, enter the url you typically use to connect with the business's website and login in the usual way.)

Read Knowledge Base article #84440 to learn more about protecting yourself from phishing scams.