- Secure Computing
- Guarding privacy
- Email privacy
“Phishing” schemes and protecting your identity
“Phishing” is when the sender of an email tries to trick recipients into volunteering personal or credential-related information. That information can then be used to commit identity theft, or enter password-protected sites using your account. Phishing emails claim to be from legitimate sources such as the IRS or a university group, and typically use two components:
- An authentic-looking email, and
- A real-looking but fraudulent web page that asks you to supply personal information
(name, address, financial information, passwords, etc.)
As phishing schemes become more sophisticated, it becomes increasingly important to be vigilant, even if the message seems to come from a family member or somebody you know well. In 2009 phishing attacks have become even more frequent, and the FBI and other cybersecurity experts have recently noted that phishing is spreading to affect email accounts with services like Gmail and Hotmail, and social networking sites like Facebook and MySpace. An Oct 2009 article in the WSJ reported 300,000 accounts compromised recently via phishing across Hotmail, Google and Yahoo accounts.
Always be suspicious of requests for personal information that come via email, particularly requests for passwords, banking information, or wire transfers of money, even if the request seems to come from a good friend.
What to do about phishing or other suspicious email messages
What to do if you think you may have compromised your passwords or email account
If you believe you might have inadvertently revealed sensitive Yale University information such as your NetID password, contact ITS Information Security (information.security@yale.edu) immediately.
If your personal financial accounts may be compromised or if you believe you might have revealed information that could be used to for identity theft or fraud, see our information on identity theft.
Next → How to tell if a message from Yale is legitimate
