When internet fraudsters impersonate a business to trick you into giving out your personal information, itís called phishing. Don't reply to email, text, or pop-up messages that ask for your personal or financial information. Donít click on links within them either Ė even if the message seems to be from USP or an organization you trust. It isnít. USP or legitimate businesses wonít ask you to send sensitive information through insecure channels.
Examples of Phishing Messages
You open an email or text, and see a message like this:
- Your email account requires an upgrade and you need to verify your account by providing your username and password
- "We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."
- "During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."
- ďOur records indicate that your account was overcharged. You must call us within 7 days to receive your refund.Ē
The senders are phishing for your information so they can use it to commit fraud.
How to Deal with Phishing Scams
- Delete email and text messages that ask you to confirm or provide personal information (username and password, credit card and bank account numbers, etc.). USP and other legitimate companies will not ask for this information via email or text.
- The messages may appear to be from USP IT Services Helpdesk or organizations you do business with Ė banks, for example. They might threaten to close your account or take other action if you donít respond.
- Donít reply, and donít click on links or call phone numbers provided in the message, either. These messages direct you to spoof sites Ė sites that look real but whose purpose is to steal your information so a scammer can run up bills or commit crimes in your name.
If youíre concerned about your account please call the IT Helpdesk (32117; helpdesk(at)usp.ac.fj)
You can take steps to avoid a phishing attack:
- Don't email personal or financial information. Email is not a secure method of transmitting personal information.
- Only provide personal or financial information through an organization's website if you typed in the web address yourself and you see signals that the site is secure, like a URL that begins https (the "s" stands for secure). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
- Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files can contain viruses or other malware that can weaken your computer's security.
Report Phishing Emails & Policy Violations
- If you might have been tricked by or need to report a phishing email, please email to helpdesk(at)usp.ac.fj
- A reminder to all staff that, not following the activities above is a violation of the "Conditions of Use of USP Computing & Networking FacilitiesĒ and the ďIT Security" policies.
- These policies can be accessed on the USP website http://www.usp.ac.fj/its and IT Services encourages all users to read the policy and ensure compliance when using ICT services
How to Spot A Hoax Email