Information Security Office

Email Phishing Information

Due to the continued prevalence of “phishing” email messages being received by BGSU email account holders, the Information Security Office has provided the following frequently asked questions list, and a reminder that all accounts are important to the security and reputation of the University.

Q:  Will Information Technology Services (ITS), the Office of the Chief Information Officer (CIO), or the Technology Support Center (TSC) ever ask for a password by email?

A:  NO!  You will never be asked to provide private information by email, including any of your account passwords.

Q:  What is phishing?

A:  Phishing messages normally arrive via email and are designed to gather information. They may appear to be legitimate, such as from a university (help desk or specific IT-related department), a bank, eBay, PayPal, or an Internet service provider (ISP), or they may urgently request that you click on a link. They are deliberately designed to obtain personal information such as usernames and passwords, or credit card or bank account information, by masquerading as a user or entity the user trusts.

Q:  What does a phishing message look like?

A:  Examples of phishing messages received by BGSU email account holders are available at:

      http://www.bgsu.edu/offices/cio/page24161.html

Q:  What should I do if I receive a phishing email message?

A:  BGSU email account holders are advised to ignore and delete the message. Above all, DO NOT REPLY.

Q:  What should I do if I have replied to a phishing email message?

A: If you have replied to one of these messages, please change your password immediately using the instructions found at:

       http://www.bgsu.edu/its/tsc/self-help/page9443.html

Q:  I have a message that I am not sure is a phishing message. What can I do?

A:  Any email message that you are questioning may be directed to abuse@bgsu.edu for verification. Phishing “warning signs” are available for your reference at:

       http://www.bgsu.edu/infosec/page56691.html

Q:  Why would someone try to obtain my BGSU username and password?

A:  Many phishing scams are designed to coerce you into giving out your username and password so that the scammers can access your email and send out spam that looks like it is coming from you. They do this in the hope that a recipient of the email, seeing that it is from you, will click on the fraudulent link and/or provide private information such as a credit card number or other personal information.

Q:  What can happen if spam messages are sent from a university’s email address?

A:  As a result of the volume of spam originating from these compromised accounts, the entire University community is vulnerable to being “blacklisted” by external Internet Service Providers (ISPs). If BGSU is blacklisted by an external ISP, email account holders of that ISP (e.g., Gmail, Hotmail, Yahoo, AOL, etc.) would not receive email originating from bgsu.edu.

Q:  What does the university do to prevent these phishing scams?

A:  Many precautions are in place to catch and/or prevent unsolicited email messages, and we continue to work on additional measures for catching these scams early. However, all users are advised that, in some instances, the messages do get through and users should be extremely careful when dealing with them. When one account is compromised, everyone is potentially affected. Members of the University community are encouraged to be aware of issues related to phishing and other Internet scams. The best protection from phishing is user awareness and diligence. There is currently no technological solution that can totally prevent phishing.

More specific information about security, including phishing, is available at the Information Security web site:

      http://www.bgsu.edu/infosec

Any questions may be directed to infosec@bgsu.edu.