My alumni office sent out a note today, warning of a new email phishing scheme targeting alumni. Maybe you got one too.

I didn’t catch the phish this time, but have received tons of them in the last few months in the form of random job offers, eBay or PayPal notices, bank and credit card things.

This circles back to Jenna’s post about Facebook privacy policies -- it’s exactly the potential outcome of lenient privacy on sites or emails from sites we tend to trust (especially our schools or social networking sites). You’ve seen some of these before, but here’s a quick updated list of what you can do:

1. Never Verify. Don’t respond to an email that requests that you “verify” any private information – this includes not just bank or credit card info, but even university email account info – password or pin numbers.
2. Dear Member. If it’s all non-specific (Dear Member), but is still asking for private info, be very suspicious. A legitimate communication from an organization that maintains some of your private information will often contain a piece of that private info (special login name, etc.)
3. Don’t Reply. If you’re interested in an unusual offer from what should be a trusted source, don’t reply to any links in the email. Instead, go to the main page of the site as you normally would, and see if you can navigate to the offer. If you can’t verify that an email is legitimate, report it to the website using their contact us link off their homepage (again, don’t click on any links in the email).
4. Use Closed Systems. Try to restrict the places where you store private data to more secure, closed systems such as the Experience Portfolio that require you to login and don’t grant widespread access to user info.
5. Be Positive. Take advantage of the anti-phishing filters in your email or IM, as well as the positive identification steps that sites like PayPal have taken to help.

Have you been phished? Let us know what happened at contribute@experience.com


Photo by Doubting Augustinus