Higher education has been identified as a high risk environment for data breaches and potential identity theft. Over the last few weeks, university IT security professionals have seen an increase in the number of PAWS accounts that have been compromised through phishing attempts. NEVER give your account passwords (PAWS, email, etc...) to anyone. ITS will NEVER ask anyone for their PAWS password or other personally identifiable information (e.g. SSN, LSUID) in an email.
Please use the following tips to prevent your account from being compromised.
How to help avoid phishing scams
- Approach links in email with caution. Links in phishing emails will often take you to fraudulent Web sites.
- Don't trust the sender information in an email message. The "From" information could easily be spoofed so that the message looks like it comes from someone you trust, but is really a fake.
- Type addresses directly into your browser or use your personal bookmarks or Favorites. If you need to update your account information or change your password for a site, visit the site by choosing the bookmarked link from your Favorites list or by typing the URL directly into your browser.
- Don’t enter personal or financial information into pop-up windows. One phishing technique launches a fake pop-up window when you click a link in a phishing email message. Even if the pop-up window looks official or claims to be secure, avoid entering sensitive information, because there is no way to confirm that it is secure.
How to help recognize a phishing scam when you see one
- You have won the lottery: Emails that promise that you've won some type of sweepstakes or lottery are probably phishing scams.
- Misspelled Web addresses: When a web site uses an Internet address (also called a "domain name" or "URL") that is similar to the Internet address of a popular web site or is a common misspelling of popular web site, that could signify a phishing scam. For instance, the correct URL is http://www.chase.com, and the phishing site URL could be http://www.cha5e.com.
- Requests for account information: Scammers often pose as companies, financial institutions, or universities asking for you to log in and change or verify your account information. They ask for you to reply with your account information or lure you to a phishing site that looks legit to record your user name and password as you try to log in.
- Personal donation requests: These scams are known as advanced fee fraud scams, Nigerian e-mail scams, or the 419 scam. Scammers hook you with the false promise of large sums of money for little or no effort on your part. After you are deeply involved in the scam, you are asked to pay certain amounts of money to expedite the process.
Credit Monitor Reminder
Through a special arrangement with Equifax, all current LSU employees and students may register for Equifax Credit Watch for free. LSU community members will be able to actively monitor their credit in order to protect themselves from identity theft and credit fraud. Click here to log into PAWS and sign up for the service. All of the information you provide will be transferred to Equifax through a private, secure connection. For more information go to http://creditmonitor.lsu.edu/.