Phishing:  The practice of using fraudulent emails and copies of legitimate websites to extract financial data from computer users for purposes of identity theft.

Fraudulent emails are constantly floating around and many can affect those with MSU NetIDs, but they can easily be avoided by knowing what to look for. MSU IT Services has some tips on how to identify a fraudulent email and what to do when you see one.

How to spot a fraudulent email:

1. Tone and Language. The grammar of these emails is often poor and the tone is urgent or threatening toward your information. They’ll ask for an immediate response and say that your account could be suspended if you don’t act quickly. Misspellings and incorrect phrasings are extremely common.
2. Requests for personal information. These emails ask for financial or personalinformation, such as: account numbers, credit card and check numbers, PINs, social security numbers, usernames and passwords, date of birth, mother’s maiden name or other confidential information.

   

3. False links to web sites. Be sure that you are on the actual site of the financial institution or trusted business and that it is a secure site. A secure site will have an address that begins with “https:” and a padlock or gold key in the bottom right corner of your browser window. It is recommended that you verify the certificate of the site you are visiting by clicking on the locked padlock or gold key. All MSU web pages that need you to log in with your NetID and password will begin with https: and are secure.
4. Verification. To check if there is an actual concern with a company where you would need to provide information, go to their website by typing in the web address rather than clicking the link in the email. Chances are if there is an issue, it will show up on the company’s website.

It’s important to remember that MSU will not send anyone emails requesting personal information because the university already has this information backed up somewhere else.

If you see a fraudulent email in your mailbox, forward the email with the full subject line to postmaster@msu.edu.

If you are a victim of a phishing scam and have compromised your MSU NetID, immediately change your password and call IT Services Support.

If you have compromised other information such as your social security number or banking information:

1. Contact your financial institution or trusted business immediately.
2. File a police report. Obtain a copy of the written report as proof for creditors.
3. After the attack, if your personal information has been compromised you should file a fraud alert with the credit reporting services and perhaps review your credit reports (there are 3 major credit reporting services) to determine if any fraudulent activity appears.

More information can be found on the MSU IT Services website.