Avoiding tricks from fake emails and websites

Fake Emails and Web Sites
Online fraud occurs when someone poses as a legitimate source to obtain sensitive personal data. Often called “phishing” or “spoofing.”

We will never send email containing attachments, or require you to send personal information to us via email, web link or pop-up windows.

Fake emails will often:

1. Ask you for personal information. Fake emails often contain an overly generic greeting and may claim that your information has been compromised, that your account has been frozen, or ask you to confirm the authenticity of your transactions.
2. Appear to be from a legitimate source. While some emails are easy to identify as fraudulent, others may appear to be from a legitimate address and trusted online source. However, you should not rely on the name or address in the “From:” field, as this is easily altered. Some even contain graphics or logos from the companies they are imitating and can appear professional and legitimate.
3. Contain prizes or gift certificate offers. Some fake emails promise a prize or gift certificate in exchange for completing a survey or answering questions. In order to collect the alleged prize or gift certificate you may be directed to provide your personal information. Just like with job offers, be sure to confirm that prize or gift certificate is being issued from a known and trusted company.
4. Link to counterfeit web sites. Fake emails may direct you to counterfeit web sites carefully designed to look real, but which actually collect personal information for illegal use.
5. Link to real web sites. In addition to links to counterfeit web sites, some fake emails also include links to legitimate web sites. The fraudsters do this in an attempt to make a fake email appear real.

Trojan horses
These fake emails may also contain a virus known as a “Trojan horse” that can record your keystrokes. The virus may live in an attachment or be accessed via a link in the email. It is a good idea never to open attachments unless you are expecting them, and they come from a trusted source.

How is my email address obtained?
Email addresses can be obtained from publicly available sources or through randomly generated lists. Therefore, if you receive a fake email that appears to be from helpdesk@law.utah.edu, this does not mean that your email address, name, or any other information has been taken from the law school computer network. Remember, the “From:” address can be easily faked. Sometimes, you may even see fraudulent email that appears to be coming from your own address!

Counterfeit web sites
Online thieves often direct you to fraudulent web sites via email and pop-up windows and try to collect your personal information. In many cases there is no easy way to determine that you are on a phony web site because the URL will contain the name of the institution it is spoofing.

One way to detect a phony web site is to consider how you arrived there. Generally, you were directed by a link in a fake email requesting your account information. Again, we will not request personal information from you via email and any unsolicited request should be considered fraudulent and reported immediately.

Protect thyself:

1. Delete suspicious emails without opening them. If you do open a suspicious email, do not open any attachments or click on any links it may contain.
2. Never open email attachments unless you are expecting the attachment and it comes from a trusted source.
3. Never reply and ask (them) to remove you from the list. Doing this will confirm to them them that your account is active and they will continue to send your unsolicited messages. It’s best to delete the message.
4. Never provide sensitive account or personal information in response to an email.
5. Never click on links in an email. If, for example, your bank is telling you there is a problem and that you should visit their site to fix it, don’t click on the link to the bank’s web site in the email – type it in your browser yourself.