The Indiana Information Sharing and Analysis Center (IN-ISAC) — a joint effort of the Indiana State Police, Indiana Office of Technology, the Indiana Fusion Center and the Indiana Department of Homeland Security — was established in Fall 2015 to help further secure state government from cyber threats and to help educate the public about cybersecurity.
Here are some tips about phishing. For more cybersecurity tips, visit http://cybersecurity.IN.gov.
Beware of phishing attempts
All Hoosiers must be careful not to fall victim to phishing, a particularly misleading and dangerous type of spam. Phishing (pronounced “fishingâ€) is the illicit attempt by criminals to obtain personal information. Phishing may occur by email, on Internet sites or over the phone by real people or robotic calls.
Phishing messages generally have the following characteristics:
- They are unsolicited.
- They contain an urgent request for personal financial information.
- To entice a response, they frequently contain exciting or upsetting statements.
- They will purport to be from a legitimate business (banks, PayPal, e-Bay, etc.)
- They are generally not personalized, though they can be.
- You may be directed to fill out a form in the email, go to a linked website or call a telephone number.
- The sender will eventually seek some or all of the following:
- Name
- Address
- Date of birth
- Bank account or credit card information
- Social security number
- Login IDs and passwords
The phisher’s goal is to fraudulently gain your information and use it for personal gain. The number and sophistication of phishing scams sent out to consumers are increasing rapidly. While online banking and e-commerce are safe, consumers as a general rule must be careful about giving out personal financial information over the Internet or by telephone.
What should I do if I receive a “phishing” message?
Most legitimate businesses will not solicit such information through email. If you believe it is legitimate, call a customer service number (not one listed in the email) or type the legitimate company URL directly into the address line (do not cut and paste from the email).
The site below can be referenced to see if the message you have received is part of a phishing attack. Failing to find your particular message on any list does not make it legitimate!
- MillerSmiles -Â http://www.millersmiles.co.uk/
Phishing techniques designed to trick recipients
To lure people into responding, phishers try to use:
- Realistic looking and sounding messages
- Effective use of legitimate company logos in counterfeit messages
- Parts of legitimate company names in phony URLs
- Redirected links making it appear as if a legitimate address is being accessed when actually the victim is being routed to a phony imitation of the legitimate entity
- Phone systems used as part of scams to gather confidential information instead of an electronic form
- Fake yellow security lock graphics. Typically, double-clicking on the lock displays the security certificate
- Spoofing or forging https:// in the URL to give the appearance of a secure site
Log onto http://cybersecurity.IN.gov for more information on phishing and other cybersecurity issues or subscribe to the IN-ISAC email list.