-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Everyone,
As many of you may be aware, many people on campus started getting
phishing emails purporting to be from CalState 9 Credit Union over
the last couple weeks. Yesterday we received a call from CalState 9
that they are concerned that these attacks could disproportionately
affect members of our campus community. System and Network Security
(SNS) is working with CalState 9 to identify where these attacks may
have led people so that we can go through our own logs in an effort
to identify who, if anyone, may have fallen victim to this attack.
In the mean time, we would like to urge the campus technical
communities (Micronet, ucb-security, etc) to help us get the word out
about this and other phishing scams and to inform their users that
the following 10 tips will help them protect themselves.
1. Don't reply to email or pop-up messages that ask for personal
or financial information, and don't click on links in the message.
Don't cut and paste a link from the message into your Web
browser phishers can make links look like they go one place, but
that actually send you to a different site.
2. If you are concerned about your account, contact the
organization using a phone number you know to be genuine, or open a
new Internet browser session and type in the company's correct Web
address yourself.
3. Use anti-virus software and a firewall (like the campus
licensed Symantec Corporate Edition available at
http://software.berkeley.edu), and keep them up to date.
4. Don't email personal or financial information.
5. Review credit card and bank account statements as soon as you
receive them to check for unauthorized charges.
6. Be cautious about opening any attachment or downloading any
files from emails you receive, regardless of who sent them.
7. Always ensure that you're using a secure website when
submitting credit card or other sensitive information via your Web
browser.
8. Ensure that your browser is up to date and security patches
applied
9. Forward spam that is phishing for information to spam@uce.gov
and to the company, bank, or organization impersonated in the
phishing email. You also may report phishing email to
reportphishing@antiphishing.org. The Anti-Phishing Working Group, a
consortium of ISPs, security vendors, financial institutions and law
enforcement agencies, uses these reports to fight phishing.
10. If you've been scammed, visit the Federal Trade Commission's
Identity Theft website at www.consumer.gov/idtheft.
Yours,
John Ives
System and Network Services
- ----------------------------------------------------------------------
- ---
John Ives
GSEC, GCIH, GCWN
System & Network Security
University of California, Berkeley
Phone (510) 642-7773
Cell (510) 229-8676
- ----------------------------------------------------------------------
- ---
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQA/AwUBQ71dPJOthQ8M7PCaEQJxOQCgxw4Vvro9CsEeJ/p5TLG8JR8Ufr0AoK+U
/e7CZpTMsOEXosYS5YlePfu3
=Tclj
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about MAGNet, its meetings and events, and its
mailing list, including information on subscribing and unsubscribing,
see the MAGNet Web site at <http://magnet.berkeley.edu/>.
Received on Thu Jan 5 09:56:08 2006
This archive was generated by hypermail 2.1.8 : Thu Jan 05 2006 - 09:56:08 PST