Protecting Your Privacy

Several types of attacks are used to steal information and other assets on the internet. The most common ones include phishing, spoofing, and spam.

If you receive any suspicious emails, please forward them to abuse@iup.edu, or use the phish alert button.

Phishing

The act of a malicious user or website to deceive people into revealing personal information, such as account passwords or credit card numbers. A phisher typically uses deceptive email messages or online advertisements as bait to lure unsuspecting users to fraudulent websites, where the users are then tricked into providing personal information. Be aware of phishing attempts and be diligent with regard to identifying an attempt.

Spoofing

Spoofing attacks are commonly used in conjunction with phishing. The spoofed site is usually designed to look like the legitimate site, often using components like company logos from the legitimate site.

Spam

Unsolicited email that could be used to spread email messages as part of a larger phishing scam.

Many websites today offer features and services customized to your preferences based on personal information that you supply. However, not all sites can be trusted to use your personally identifiable information the way you want or expect. If you are not careful, you may find yourself the victim of identity theft.

Never provide your personal information in response to an unsolicited request, whether it's over the phone or the internet. If you did not initiate the communication, you should not provide any information. 

• If you believe the contact may be legitimate, contact the financial institution yourself. You can find phone numbers and websites on the monthly statements you receive from your financial institution, or you can look up the company online. The key is that you should be the one to initiate the contact, using contact information that you have verified yourself.

• Never provide your password over the phone or in response to an unsolicited internet request. A financial institution would never ask you to verify your account information online. Thieves armed with this information and your account number can help themselves to your savings.

• Review account statements regularly to ensure all charges are correct. If your account statement is late in arriving, call your financial institution to find out why. If your financial institution offers electronic account access, periodically review activity online to catch suspicious activity.

• Devote one credit card to online purchases. To minimize the potential damage of an attacker gaining access to your credit card information, consider opening a credit card account for use only online. Keep a minimum credit line on the account to limit the amount of charges an attacker can accumulate.

• Avoid using debit cards for online purchases. Credit cards usually offer some protection against identity theft and may limit the monetary amount you will be responsible for paying. Debit cards, however, do not offer that protection. Because the charges are immediately deducted from your account, an attacker who obtains your account information may empty your bank account before you even realize it.

• Pay close attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net). Some sites may even include a fake padlock icon that ordinarily is used to indicate a secure site. 

• Do business with credible companies. Before supplying any information online, consider the answers to the following questions: Do you trust the business? Is it an established organization with a credible reputation? Does the information on the site suggest that there is a concern for the privacy of user information? Is there legitimate contact information provided?

The following websites offer valuable information regarding protecting your privacy, identity theft, and phishing. Please take a moment to review them to aid in protecting yourself from these malicious attacks.

• Anti-Phishing Working Group
• Office of the Comptroller of the Currency Consumer Protection
• Cybersecurity and Infrastructure Security Agency
• Recognizing Phishing Scams and Fraudulent E-mails (Microsoft)