Phishing, Anyone?

Recently I received a message in my school e-mail box from a bank where I once did business. The message asked me to click on a link and update my account information. Since I no longer bank there, I deleted the message. Now I’m wondering, how did the bank get my school e-mail address?

Banks do not use e-mail to ask customers to update account information. It sounds as though this message was actually an example of ‘phishing.’ Here’s how it works. An identity thief sets up a Web site that looks just like a site for a legitimate bank or business. Then, a spam message is sent to thousands of e-mail addresses in the hope that some recipients will actually have an account at the bank or business named in the e-mail. However, the link included in the message takes the reader to the faked Web site. When private information is provided there, the identity thief uses it to access bank accounts or make purchases.

Both personal and school e-mail addresses are vulnerable to ‘phishing.’ Never provide private information in response to an e-mail, regardless of how authentic it appears to be. Be sure staff and students are aware of this practice as well.