Vol. LVII, No. 16
August 12, 2005
Don't Get Hooked!
Email Phishing Attacks at NIH Increase

"Phishing attacks are on the rise at NIH and while we are taking measures to address the problem, our best defense is user awareness," says Jaren Doherty, chief information security officer for NIH. "Because phishing emails have become more sophisticated and can appear to be legitimate, users need to be extremely cautious about responding to any suspect emails."

How Phishing Works

Phishing is not so much a high-tech computer attack as it is an old-fashioned con game, played at electronic speed. The con uses deceit, guile and fear to make you willingly give up personal information that is then used to run up credit-card bills in your name, get bank loans and reach into your savings. Scammers can also file false tax reports, remove funds from your financial accounts, and even open a bank account in your name.

The goal of the con is to leave you little time to think before responding. Phishing email appears to be urgent in nature. It often includes authentic-looking logos and links to "real" businesses such as AOL, PayPal, BestBuy, Earthlink and eBay. It may state that "for security purposes" you need to immediately update or validate your account information to keep your account active.

How to Avoid Taking the Bait

This dangerous attack has become the largest source of identity theft today. The number of reported phishing web sites grew 30 percent from October 2004 through May 2005. Because NIH email addresses are public, you can expect to be a target. Your best defense is vigilance.

  • Be suspicious of any email with urgent requests for your financial information.

  • Know that reputable businesses never send email asking you to update their files via the web. If you receive such a request, call the company to verify it. However, do not use any phone numbers contained in the suspect email because they may be false and part of the scam.

  • When you submit personal information over the web, be sure you are sending it to a secure site and that the web address starts with https:// (an "s" on the end), not http://.

  • Beware of messages with poor spelling and grammar.

  • Scammers will alter legitimate web site addresses (otherwise known as a URL — universal resource locator) by substituting characters that look like others (for example, using zero instead of the letter "O"). The longer the address, the easier it is to disguise the changes.

If You Think You've Been "Hooked"

  • Immediately place fraud alerts with the three major credit reporting companies. This will protect your credit should your identity be stolen. You may contact them at:

      • Equifax — http://www.equifax.com/, 1-800-685-1111

      • Experian — http://www.experian.com/, 1-888-397-3742

      • TransUnion — http://www.transunion.com/, 1-800-916-8800

  • If you provided your bank account or credit-card number, call the institutions, report the fraud, cancel the account(s) and open a new account.

It's a good idea to regularly review your credit report at the three major credit bureaus. Identity theft can occur in many ways, not just from a "phishing" trip. If you have been victimized, "new" credit card accounts may appear.

If you receive a suspected phishing email at NIH, forward the email to the NIH Help Desk: ithelpdesk@nih.gov, http://ithelpdesk.nih.gov, phone (301) 496-4357, (866) 319-4357 (toll free) or (301) 496-8294 (TTY). Once notified, NIH IT staff will attempt to block these emails and malicious web sites. Visit http://securitynews.nih.gov/phishing_alert.doc for more advice on phishing.

Would you respond to the email below?
Other than changing the name to “BankUTrust,” this is an actual phishing email that was recently received at NIH.

 

From: BankUTrust [mailto:server@bankutrust.com]

Sent: Monday, July 11, 2005 6:47 AM

Subject: Account Update


bankutrust.com/update http://62.193.199.28/gerewjrewiprjewrewirjewrewjrewprjeworjewrjpjdsadiahdaidhjadhuiorijrewrewjrrewrewopodsadanewqeopkdaewjopkafasijdajdojewqeqkokew eqkoeqw/update_card.htm

Account Info Verification


Dear BankUTrust holder account,

As part of our security measures, we regularly screen activity in our BankUTrust network. We recently noticed the following issue on your account: A recent review of your account determined that we require some additional information from you in order to provide you with secure service. Case ID Number: PP-065-617-349. For your protection, we have limited access to your account until additional security measures can be completed. We apologize for any inconvenience this may cause. Please update your BankUTrust account to restore your access as soon as possible.

You must click the link below and fill in the form on the following page to complete the verification process.

Click here to update your account http://62.193.199.28/gerewjrewiprjewrewirjewrewjrewprjeworjewrjpjdsadiahdaidhjadhuiorijrewrewjrrewrewopodsadanewqeopkdaewjopkafasijdajdojewqeqkokew eqkoeqw/update_card.htm

In accordance with BankUTrust User Agreement, your account access will remain limited until the issue has been resolved. Unfortunately, if access to your account remains limited for an extended period of time, it may result in further limitations or eventual account closure. We encourage you to update your BankUTrust account as soon as possible to help avoid this. We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account.

We apologize for any inconvenience.

Sincerely, BankUTrust Account Review Department

________________________________

Please do not reply to this e-mail.
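The warning signs in the sample email's link (visible text naming one site while the address points to a bare IP number, no https://, a very long address) and the look-alike character trick described earlier can be checked mechanically. The Python sketch below is an added example, not part of the original article or any NIH tool; the function names, the trusted-domain list, the 75-character length threshold and the sample links are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Digit-for-letter swaps. The article names zero for "O"; 1 and 5 are assumed.
LOOKALIKES = str.maketrans("015", "ols")
DOMAIN_RE = re.compile(r"([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def same_site(host, domain):
    return host == domain or host.endswith("." + domain)

def link_red_flags(text, href, trusted=("bankutrust.com",), max_len=75):
    """Return the warning signs for one link: its visible text and its target."""
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    flags = []
    if parts.scheme != "https":
        flags.append("not-https")
    if is_ip(host):
        flags.append("raw-ip-host")
    shown = DOMAIN_RE.search(text)
    if shown and not same_site(host, shown.group(1).lower()):
        flags.append("text-host-mismatch")  # text names one site, link goes elsewhere
    known = any(same_site(host, d) for d in trusted)
    undone = host.translate(LOOKALIKES)
    if not known and any(same_site(undone, d) for d in trusted):
        flags.append("lookalike-domain")  # trusted name with digits swapped in
    if len(href) > max_len:  # threshold is an assumed value
        flags.append("very-long-address")
    return flags

# Constructed samples; the first is modelled on the BankUTrust email's link.
SAMPLE_LINKS = [
    ("bankutrust.com/update", "http://192.0.2.28/" + "jrewq" * 20 + "/update_card.htm"),
    ("Log in", "https://www.bankutru5t.com/login"),
    ("bankutrust.com", "https://www.bankutrust.com/"),
]

if __name__ == "__main__":
    for text, href in SAMPLE_LINKS:
        print(link_red_flags(text, href) or ["no flags"], href[:40])
```

A link with no flags is not proof of safety; the checks only cover the signs this article lists.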
