Recently, here at UW we saw form of Phishing that is often unconsidered. Someone went to a web hosting company and created the domain name of mywyoweb.net. They then copied what WyoWeb (the real one) looked like and started sending that page along to user’s at the University of Wyoming. If you logged into that site, they had your username and password, and thus access to all of your email, wyoweb, network resources, etc. at the University of Wyoming. What is scary about this is if you didn’t know the correct url wyoweb.uwyo.edu, you very well could have been tricked.
IF YOU DID ENTER YOUR USERNAME AND PASSWORD INTO THIS FAKE SITE PLEASE CONTACT HELP DESK PERSONNEL ASAP.
The typical form of phishing comes through email. Something like, “Dear Webmail User, we have noticed irregularities in your account profile and wish to confirm your account.” Then there is usually a link which takes you to place to enter your username and password. These emails always seem legitimate in the way the look and the way they sound. In fact, the email may even give a veiled threat that, “if we don’t receive a response within 48 hours after receipt of this email message, your account will be deactivated.” Oh my!
This is a classic Phishing attempt by someone to get your account credentials. Any legitimate business, including the University of Wyoming, will never, ever, EVER ask you to email or enter your account credentials in a web form. Anytime you receive an email from someone you do not recognize, especially containing web links or asking strange questions, don’t feel bad, just delete it. This is the world we live in and through electronic means, spammers and hackers will try anything to steal your online identity.
We, as the end users need to not take our email so personally. A lot of times we get the attitude of, “why are these guys always sending this stuff to me?” They aren’t, they are sending this stuff to everybody and we need to recognize what is legitimate email and what is not. If at any time you get an email from someone or an organization you do not recognize and you ask yourself, “Self, why am I getting this, what does this have to do with me.” Why keep it? Guaranteed you know what email is important and which email isn’t, so why beat yourself up over it? The person who sent it, does not expect a response in most cases, they are just hoping to get one, for all the wrong reasons.
Again, nobody should ever send you an email asking for your account information. If you get that email, delete it, let it go, it is a phishing attempt and should be classified as unnecessary SPAM. To keep yourself save use secure passwords, over 8 characters and include a symbol or a capital or both.
Most important though is to not take SPAM and Phishing attempts as personal attacks on you. These are hitting everyone and the reason they keep coming is people continue to believe their “account will be deactivated in 48 hours.” Don’t be afraid to just delete these emails and go on with your day.