Phishing is the name given to the practice of sending e-mail that appears to come from a real company that does business on the web to a large number of recipients (usually using a large mailing list from a spammer). The phishers hope that some of these messages will be received by people who actually do business with the victim-company and will click-through to a bad website. Once on the bad website, the phishers steal the information of the customer and then engage in identity theft.

These e-mails usually claim that it is necessary to "update" or "verify" your customer account information and they urge people to click on a link from the e-mail which takes them to the fake website. Often, these websites look exactly like the real company's website. Any information entered on the fake website will be captured by the criminals for their own fraudulent purposes.

Housing and Residence Life will never contact you by e-mail to ask you to update or verify your password or any other sensitive information by clicking on a link and visiting a website. You should always use the Nyumba System or the University's Self-Service System to do these tasks.

 

How can I prevent myself being a victim of phishing?

The key thing is to be suspicious of all unsolicited or unexpected e-mails you receive, even if they appear to originate from a trusted source. Although a company or the University may contact you by e-mail, they will never ask you to reconfirm your login or security password information by clicking on a link in an e-mail and visiting a website. Stop to think about how these organizations normally communicate with you, whether or not you signed up to be notified by e-mail, and never disclose your password or other personal information in response to an e-mail without checking to see if the request is legitimate first.

 

How to spot a phishing e-mail.

Who is the e-mail from? Phishing e-mails can look like they come from a real e-mail address. This is called spoofing. Spoofing occurs when someone enters an address that is not their own in the "From" line of an e-mail address. Currently, the technologies that make the Internet so connected, also make it easy for criminals to do this with e-mail. Remember, just because it looks like it came from the organization that it says it did, it may not have!

Who is the e-mail addressed to? Phishing attacks are sent out at random to bulk e-mail lists and the fraudsters will almost certainly not know your real name or anything else about you, and will address you in vague terms like "Dear Valued Customer." E-mail from Housing and Residence Life will always have your name in it, as it is registered with the University.

Take a closer look at the e-mail - does it look "phishy"? The first thing to remember is that companies will never write to you and ask you for your password or any other sensitive information by e-mail. The message is also likely to contain odd "spe11ings" or cApitALs in the "Subject:" box (this is an attempt to get around spam filter software), as well as grammatical and spelling errors. If you are note sure if an e-mail is really from the organization that it says it is, then call them using a telephone number you get from the phone book or an online directory service.

Where's that hyperlink going to? Unfortunately it is all too possible to disguise a link's real destination, so the displayed link and anything which shows up in the status bar of your e-mail software can easily be faked. Often times, the entire body of the message will simply be a picture file that has been programmed to act like a button and clicking ANYWHRE on the message will take you to the bad website. We recommend that you never log-on to an online account by clicking on a link in an e-mail. Instead, open your web browser and go to the organization's website yourself.

 

How to spot a Phishing website.

What's the site address? If you accidentally visit a website after clicking on a link from an e-mail, there are many ways of disguising the true location of a fake website in the address bar. The site address may start with the genuine site's domain name, but that is no guarantee that it points to the real site. Other tricks include using numerical addresses, registering a similar address (such as: www.housing.uncc.com), or even inserting a false address bar into the browser window. Many of the links on the bad website may actually go to the genuine website, so don't be fooled just because the links work correctly.

Beware of fraudulent pop-up windows. Instead of displaying a completely fake website, the fraudsters may load the genuine website in the main browser window and then place their own fake pop-up window over the top of it. Displayed like this, you can see the address bar of the real web site in the background, although any information you type into the pop-up window will be collected by the fraudsters for their own usage.

 

Reporting suspicious emails.

If you receive a suspicious email, please inform the sender as directed on their website. You may also report suspected fraud to Housing Technology Services or to UNC Charlotte's IT Security Office.

 

Other Things to Remember.

No legitimate company nor The University of North Carolina at Charlotte, will never e-mail you to request that you "confirm" or "update" your password or any personal information by clicking on a link and visiting a website.

Treat all unrequested e-mail with caution and never click on links from unrequested e-mail.

To log-on to Internet e-commerce websites, open your web browser and type the address in yourself.

If in doubt about the validity of an e-mail, or if you think that you may have disclosed information to a fraudulent site, contact the organization immediately using a telephone number you get from the phone book or an online directory service.