Information Technology
"Phishing"
Fraudulent e-mail messages disguised as if they are coming from Purdue administrators and/or from reputable companies have been arriving on campus. Messages seemingly from Purdue administrators appear to be from a Purdue e-mail address; messages from reputable companies such as eBay, PayPal, and financial institutions appear to be from senders at those respective firms. The content of these messages usually tries to convince you of one or more mistruths, including these:
- Your account will expire soon.
- Your account has been suspended for security reasons.
- Somebody has been using your account for fraudulent activities.
- It's time to verify your personal and/or account information.
When the messages include a directive to click over to a specific web site using the provided hyperlink, we call these attacks "phishing." A spammer attempts to lure you to a fake web site designed to replicate a company's real web site and tries to fool you into submitting personal, financial, or password data. If you do so, you are at risk for identity theft and/or misuse of your computer accounts.
Clicking the links included in some fake messages takes you to off-campus web sites which attempt to download viruses to your computer.
You will likely receive messages like these from time to time. When you do, please simply delete them. Do not click on any web link which appears in the messages.
If you are ever uncertain of the authenticity of an e-mail message, please take at least one of the following steps before you act on the message:
- Contact your department's IT support staff. (Liberal Arts faculty and staff should see the CLA IT staff page.)
- Contact the ITaP Customer Service Center at (765) 494-4000.
- Telephone the organization from which the message has purportedly been sent to verify its authenticity. (Do not assume that a telephone number listed in the e-mail message is legitimate, though. Find the number in a telephone book or on an official bill you've received on paper.)
Example of a Fake Fraudulent E-Mail and Web Site
When spammers include a link to a web site in their fraudulent e-mail messages, the web link itself has usually been programmed to appear as if it is legitimate. Instead, it contains a false link -- that is, hidden code has been inserted to fool you into thinking you're accessing a legitimate web site. Clicking the web link, though, typically takes you to a replica web page. Its content "confirms" the e-mail alert and asks you to type in personal information such as a username, password, account number, credit card number, and/or Social Security number. This is one way that spammers obtain the information they use to commit identity theft and/or other fraud.
To show you how this could work, we have created an example of a fake fraudulent web site -- the parody web site which is pictured here.
To lure you into visiting the "phishing" site, a spammer would e-mail you a message similar to this one:
From: security@percu.com
To: vsmyth@cla.purdue.edu
Subject: Fraud alert for your PERCU account
Dear PERCU member,
PERCU has been alerted to the possibility of fraudulent activity in your account. To determine whether your financial records have been compromised, please verify your account at our web site:
http://www.percu.com/account-verify.cfm
To prevent unauthorized access, accounts will be closed unless verified within 24 hours.
Sincerely,
PERCU Security Department
The web link above is, in fact, an example of a false link or "masked URL." You are led to believe that clicking it will take you to the financial institution's official web site -- in this case, the web site for the mythical Purdue Employees Regional Credit Union, or PERCU -- although our parody page is actually located here on the College of Liberal Arts web server.
Other Locations
CLA IT Service Desk
Mon-Fri, 8am-4pm
REC 407
Tel: 66333
Email: ithelp@purdue.edu