Security Awareness

Phishing and Identity Theft

What is Phishing?

Email has become one of the most popular methods of communicating with our customers, employees and friends. Because, of the increase of email usage a new marketplace was created to solicited customers. Phishing is an attempt to send out a false email in order to get personal information such as credit card numbers, passwords, social security and/or bank account numbers. Be suspicious of an email that asks for personal information. Most legitimate businesses have a policy that they do not ask you for your personal information through email. Many members of the Iona community have reported receiving emails from what appears to be legitimate companies.

How Does it Work?

Phishing schemes can be carried out in person or over the phone, and are delivered online through email or pop-up windows. A phishing email appears to come from popular Web sites or sites that you trust, like your bank, financial institutions, credit card company or even “The Iona Support Team”.

Common Scam Techniques

"If you don't respond within 48 hours, your account will be closed." Phishing email may be polite and accommodating in tone, but these messages often convey a sense of urgency so that you'll respond immediately without thinking.

"Dear Valued Customer." Phishing email messages are usually sent out in bulk and do not contain your first or last name.

"Click the link below to gain access to your account." Some messages can contain links or forms that you can fill out just as you'd fill out a form on a legitimate Web site. Once you filled out the forms the information usually goes to a phony Web site and now they have your information.

What To Do If You Have Been Scammed

The most important thing to remember is that no reputable company will ever ask you for confidential information through an email message. If you receive a message that you are not sure about, the first thing that you should do is call the company. Remember to call the company’s customer service department directly, not through the email message you received.

If you have given out your credit card call your credit card company. The sooner an organization knows your account may have been compromised, the easier it will be for them to help protect you.

Review your bank and credit card statements monthly, you may be able to catch the con artists and stop them before they cause significant damage.

If you think you've responded to a phishing scam with password information or entered passwords into a phony Web site, change your passwords as soon as possible

If you believe that your personal information has been compromised or stolen you should report the incident to the authorities including The National Resource for Identity Theft, The Federal Trade Commission (FTC), The Anti-Phishing Working Group and the New York State Banking Department.

Articles of Interest

• Tips from the FTC on how to avoid getting taken by a phishing scam
• Helpful information on how to reduce your risks for identity theft
• Report Identity Theft
• Cyber Safety Video Series
• How to spot fraudulent job opportunities

Questions? Please contact the Help Desk at (914) 633-2635.