Phishing - 43 Resources

Overview
Publications (31)
Presentations (6)
Blogs (6)

Overview

Introduction

Phishing attacks use e-mail or malicious websites to solicit personal, often financial, information. Attackers may send e-mail seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.

For more examples of what campuses are doing to combat phishing attacks, visit the Higher Education Information Security Council (formerly the Security Task Force) blog announcement, "Protecting Your Institution from Phishing Attacks: Education and Awareness Resources". Additional materials are being compiled for the Cybersecurity Awareness Resource Library. Contact security-council@educause.edu if you would like to contribute additional resources.

University Websites on Phishing

Posters, Brochures, Bookmarks, and Postcards

Are You Secure (Illinois State University)
Avoid Getting Hooked by Phishers (National Consumers League)
Avoiding Identity Theft Online: Detecting Online Scams and Phishing (RIT)
Be Prepared: Phishing Attacks (Louisiana State University)
Beware of the Phisher and He Just Made His Biggest Catch...You and (Ohio State University)
Beware of the Phishing Scam (Indiana University)
Beware Phishing: Don't Get Hooked (University of New South Wales)
Don't Let Phishing Scams Reel You In and Phishing: Don't Bite (University of Chicago)
Technology Quick Start Guide (Illinois State University)

Quizzes and Games

Carnegie Mellon University's Anti-Phishing Phil Game
Microsoft Quizzes: Phishing Basics 1 and Phishing IQ Test II
OnGuard Online Phishing Scams Quiz
SonicWALL Phishing and Spam IQ Test

Videos

Additional Resources

FTC Consumer Alert: How Not to Get Hooked by a "Phishing" Scam
OnGuardOnline.gov's Quick Facts about Phishing
SANS OUCH!: Security Digest - OUCH! is the first consensus monthly security awareness report for end users. It shows them what to look for and how to avoid phishing and other scams plus viruses and other malware -- using the latest attacks as examples. It also provides pointers to great resources like the amazing Phishing Self-Test.
Anti-Phishing Working Group - The Anti-Phishing Working Group (APWG) is an industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing and email spoofing.
Digital PhishNet - An antiphishing group that includes companies such as Microsoft Corp., America Online Inc., VeriSign Inc. and EarthLink Inc., as well as government agencies such as the FBI, the U.S. Secret Service and the U.S. Postal Inspection Service.
Avoid Getting Hooked by Phishers! - Internet fraud tips from the National Consumers League's Internet Fraud Watch.
Phish Report Network - The Phish Report Network (PRN) enables companies to reduce online identity theft by safeguarding consumers from phishing attacks. As the first worldwide anti-phishing aggregation service, the Phish Report Network provides subscribers with a mechanism for staging a united defense against phishing.
PhishGuru.org - PhishGuru (managed by Carnegie Mellon University) is an email-based anti-phishing training system in which training messages are designed to look like phishing messages. When users "fall" for the messages, this site takes advantage of the "teachable moment" and immediately teaches users how to avoid falling for real scams. PhishGuru effectively teaches people what cues to look for to distinguish scams from legitimate email.
PhishRegistry.org - PhishRegistry.org is a free resource provided by CipherTrust, Inc. to help businesses know when they are at risk of being phished. PhishRegistry.org monitors the content of a Website and provides notifications of online fraud attempts.
PhishingInfo.org - PhishingInfo.org shows users how phishing works, how to protect yourself, and where to go for help. It also provides links to research reports and educational materials.
Microsoft Phishing Filter (for Internet Explorer 7)

On the Internet, phishing (sometimes called carding or brand spoofing) is a scam where the perpetrator sends out legitimate-looking e-mails appearing to come from some of the Web's biggest sites, including eBay, PayPal, MSN, Yahoo, BestBuy, and America Online, in an effort to phish (prounounced "fish") for personal and financial information from the recipient. <p> Phishers use any number of different social engineering and e-mail spoofing ploys to try to trick their victims. In a recent case before the Federal Trade Commission (FTC), a 17-year-old male sent out messages purporting to be from America Online that said there had been a billing problem with recipients' AOL accounts. The perpetrator's e-mail used AOL logos and contained legitimate links. If recipients clicked on the "AOL Billing Center" link, however, they were taken to a spoofed AOL Web page that asked for personal information, including credit card numbers, personal identification numbers (PINs), social security numbers, banking numbers, and passwords. <p> Phishing is a variation on the word fishing: fishers (and phishers) set out hooks, knowing that although most of their prey won't take the bait, they just might entice some to bite. The FTC warns users to be suspicious of any official-looking e-mail message that asks for updates on personal or financial information and urges recipients to go directly to the Web site of the company to find out whether the request is legitimate. If you suspect you have been phished, forward the e-mail to uce@ftc.gov or call the FTC help line, 1-877-FTC-HELP.

Publications (31)

EDUCAUSE publications address a diverse range of professional challenges in higher education IT, from updates on current developments to explorations of important overarching issues. Listed below are the full range of research, reports and other publications that EDUCAUSE and its members have written about Phishing.

Item ID	Title	Resource Category	Pub Date	Views
CSD3590	MailFrontier Phishing IQ Test II Certification, Education, Training and Tutorials	Community Recommendation	01/01/2004	2,186
CSD3617	A Collective Net to Catch Phishers Sarah Lacy Articles, Papers, and Reports	Community Recommendation	01/01/2004	2,169
CSD3638	New Netcraft Toolbar Blocks Phishing, Analyzes Web Sites Larry Seltzer Articles, Papers, and Reports	Community Recommendation	01/01/2004	2,130
CSD3644	Firefox Phishing Vulnerability Discovered Ingrid Marson Articles, Papers, and Reports	Community Recommendation	01/01/2005	2,045
CSD3652	Global Phishing Scam Rumbled John E. Dunn	Community Recommendation	01/01/2005	1,592
CSD3664	Phishing: An Emerging Trend in Identity Theft Government Documents, Laws, Testimonies or Reports	Community Recommendation	01/01/2004	2,328

Presentations (6)

Stepping away from the distractions of normal routine to meet with peers, share experiences, and learn together can be invaluable. EDUCAUSE places great emphasis on the face-to-face meeting experience, offering you numerous opportunities throughout the year to gather with colleagues - from small regional events and special topic meetings to large, national conferences covering the full spectrum of roles and issues important to higher education. For more information on EDUCAUSE conferences and seminars, please see our Frequently Asked Questions page. Listed below is the full range of presentations EDUCAUSE and its members tagged with Phishing

Item ID	Title	Resource Category	Pub Date	Views
SWRC09_48189	Beating a Dead (Trojan) Horse: Finding New Ways to Communicate the Same Security Message Marc Scarborough, Carlyn Foshee Chatfield, Carolyn Ellis, Steve Arnold and Annette Evans Presentations/Speeches	Southwest Regional	02/24/2009	724
SEC08052	Botnets and the Army of Darkness Craig A. Schiller Presentations/Speeches	Security Professionals Conference	05/04/2008	272
SPC0603	The Phishing Ecosystem: Analyzing the Dynamics for Maximum Defense Tracy S. Holt, Cathy Hubbs and Andrew Klein Presentations/Speeches	Security Professionals Conference	04/11/2006	2,912
CYB07002	The Commercial Malware Industry Peter Gutmann Presentations/Speeches	Cybersecurity Summit	02/22/2007	2,040
SPC0626	Winning the Battle Against Cyber Criminals Dan Larkin Presentations/Speeches	Security Professionals Conference	04/11/2006	3,225
SEC09_170525	Soft-Selling Tough Issues Presentations and Seminars	Security Professionals Conference	04/22/2009	258

Blogs (6)

EDUCAUSE hosts a number of blogs for its members. To view a list of all our blogs, click here.

Title	Blogger	Posted	Views
Social Networking Security: Social Anxiety	Valerie M. Vogel, EDUCAUSE	08/07/2009	278
Internet Crime Jumps 33 Percent- Good Time To Evaluate Your Campus Security Site?	Anna Gould, EDUCAUSE	04/01/2009	665
Protecting Your Institution from Phishing Attacks: Education and Awareness Resources	Valerie M. Vogel, EDUCAUSE	08/26/2008	634
FTC SPAM Summit Explores Next Generation of Threats and Solutions	Rodney J. Petersen, EDUCAUSE	07/24/2007	4,854
EDUCAUSE Security Professionals Conference 2006. Summary: The Phishing Ecosystem: Analyzing the Dynamics for Maximum Defense	Lida L. Larsen, EDUCAUSE	04/25/2006	4,103
EDUCAUSE Security Professionals Conference 2006. Summary: Winning the Battle against Cyber Criminals	Lida L. Larsen, EDUCAUSE	04/25/2006	4,874

Do you have a great resource that should be listed here? Email contribute@educause.edu with your recommendation!