Phishing - 43 Resources

Overview
Publications (31)
Presentations (6)
Blogs (6)

Overview

Introduction

Phishing attacks use e-mail or malicious websites to solicit personal, often financial, information. Attackers may send e-mail seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.

For more examples of what campuses are doing to combat phishing attacks, visit the Higher Education Information Security Council (formerly the Security Task Force) blog announcement, "Protecting Your Institution from Phishing Attacks: Education and Awareness Resources". Additional materials are being compiled for the Cybersecurity Awareness Resource Library. Contact security-council@educause.edu if you would like to contribute additional resources.

University Websites on Phishing

Posters, Brochures, Bookmarks, and Postcards

Are You Secure (Illinois State University)
Avoid Getting Hooked by Phishers (National Consumers League)
Avoiding Identity Theft Online: Detecting Online Scams and Phishing (RIT)
Be Prepared: Phishing Attacks (Louisiana State University)
Beware of the Phisher and He Just Made His Biggest Catch...You and (Ohio State University)
Beware of the Phishing Scam (Indiana University)
Beware Phishing: Don't Get Hooked (University of New South Wales)
Don't Let Phishing Scams Reel You In and Phishing: Don't Bite (University of Chicago)
Technology Quick Start Guide (Illinois State University)

Quizzes and Games

Carnegie Mellon University's Anti-Phishing Phil Game
Microsoft Quizzes: Phishing Basics 1 and Phishing IQ Test II
OnGuard Online Phishing Scams Quiz
SonicWALL Phishing and Spam IQ Test

Videos

Additional Resources

FTC Consumer Alert: How Not to Get Hooked by a "Phishing" Scam
OnGuardOnline.gov's Quick Facts about Phishing
SANS OUCH!: Security Digest - OUCH! is the first consensus monthly security awareness report for end users. It shows them what to look for and how to avoid phishing and other scams plus viruses and other malware -- using the latest attacks as examples. It also provides pointers to great resources like the amazing Phishing Self-Test.
Anti-Phishing Working Group - The Anti-Phishing Working Group (APWG) is an industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing and email spoofing.
Digital PhishNet - An antiphishing group that includes companies such as Microsoft Corp., America Online Inc., VeriSign Inc. and EarthLink Inc., as well as government agencies such as the FBI, the U.S. Secret Service and the U.S. Postal Inspection Service.
Avoid Getting Hooked by Phishers! - Internet fraud tips from the National Consumers League's Internet Fraud Watch.
Phish Report Network - The Phish Report Network (PRN) enables companies to reduce online identity theft by safeguarding consumers from phishing attacks. As the first worldwide anti-phishing aggregation service, the Phish Report Network provides subscribers with a mechanism for staging a united defense against phishing.
PhishGuru.org - PhishGuru (managed by Carnegie Mellon University) is an email-based anti-phishing training system in which training messages are designed to look like phishing messages. When users "fall" for the messages, this site takes advantage of the "teachable moment" and immediately teaches users how to avoid falling for real scams. PhishGuru effectively teaches people what cues to look for to distinguish scams from legitimate email.
PhishRegistry.org - PhishRegistry.org is a free resource provided by CipherTrust, Inc. to help businesses know when they are at risk of being phished. PhishRegistry.org monitors the content of a Website and provides notifications of online fraud attempts.
PhishingInfo.org - PhishingInfo.org shows users how phishing works, how to protect yourself, and where to go for help. It also provides links to research reports and educational materials.
Microsoft Phishing Filter (for Internet Explorer 7)

On the Internet, phishing (sometimes called carding or brand spoofing) is a scam where the perpetrator sends out legitimate-looking e-mails appearing to come from some of the Web's biggest sites, including eBay, PayPal, MSN, Yahoo, BestBuy, and America Online, in an effort to phish (prounounced "fish") for personal and financial information from the recipient. <p> Phishers use any number of different social engineering and e-mail spoofing ploys to try to trick their victims. In a recent case before the Federal Trade Commission (FTC), a 17-year-old male sent out messages purporting to be from America Online that said there had been a billing problem with recipients' AOL accounts. The perpetrator's e-mail used AOL logos and contained legitimate links. If recipients clicked on the "AOL Billing Center" link, however, they were taken to a spoofed AOL Web page that asked for personal information, including credit card numbers, personal identification numbers (PINs), social security numbers, banking numbers, and passwords. <p> Phishing is a variation on the word fishing: fishers (and phishers) set out hooks, knowing that although most of their prey won't take the bait, they just might entice some to bite. The FTC warns users to be suspicious of any official-looking e-mail message that asks for updates on personal or financial information and urges recipients to go directly to the Web site of the company to find out whether the request is legitimate. If you suspect you have been phished, forward the e-mail to uce@ftc.gov or call the FTC help line, 1-877-FTC-HELP.

Publications (31)

EDUCAUSE publications address a diverse range of professional challenges in higher education IT, from updates on current developments to explorations of important overarching issues. Listed below are the full range of research, reports and other publications that EDUCAUSE and its members have written about Phishing.

Item ID	Title	Resource Category	Pub Date	Views
CSD5593	Top 10 Threats to Computer Systems Include Professors and Students Jeffrey R. Young Articles, Papers, and Reports	Community Contributions	12/17/2008	601
EPS273	Phishing Prevention and Protection Gary Dobbins Effective Practices	Community Recommendation	01/01/2004	1,561
EQM0526	Monsters in the Closet: Spyware Awareness and Prevention Christopher Sean Cordes Articles, Papers, and Reports	EDUCAUSE Quarterly	01/01/2005	4,613
CSD3713	Rise In Worst Spyware Shows Phishers At Work Gregg Keizer Articles, Papers, and Reports	Community Recommendation	01/01/2005	2,641
CSD3810	Avoid Getting Hooked by Phishers! Articles, Papers, and Reports	Community Recommendation	01/01/2005	2,152
CSD3824	Industry Group Sets Out to Make VoIP Secure Stephen Lawson Articles, Papers, and Reports	Community Recommendation	01/01/2005	2,863
CSD3976	Stanford Professors Offer Password Protection Articles, Papers, and Reports	Community Recommendation	01/01/2005	2,018
CSD4088	Phisher Tales: How Webs of Scammers Pull Off Internet Fraud Lee Gomes Blogs	Community Recommendation	01/01/2005	1,853
CSD4119	Emerging Cybersecurity Issues Threaten Federal Information Systems GAO Articles, Papers, and Reports	Community Recommendation	01/01/2005	3,303
CSD4185	The Economy of Phishing: A Survey of the Operations of the Phishing Market Christopher Abad Articles, Papers, and Reports	Community Recommendation	01/01/2005	2,086
CSD4246	New California Law Makes Phishing Illegal Robert McMillan Articles, Papers, and Reports	Community Recommendation	01/01/2005	2,185
CSD4295	Guilty Pleas in ID Theft Bust Kim Zetter Articles, Papers, and Reports	Community Recommendation	01/01/2005	2,450
CSD3549	Phishing scams: 5 ways to help protect your identity Microsoft Articles, Papers, and Reports	Community Recommendation	01/01/2004	2,635
CSD3550	Alert: Watch Out for "Phishing" Emails Attempting to Capture Your Personal Information Privacy Rights Clearinghouse Articles, Papers, and Reports	Community Recommendation	01/01/2004	2,717
CSD3551	Universities Struggling with SSL-Busting Spyware Paul Roberts Articles, Papers, and Reports	Community Recommendation	01/01/2004	3,186
CSD3552	Phishers Target Christmas Shoppers Robert Jaques Articles, Papers, and Reports	Community Recommendation	01/01/2004	2,325
CSD3553	Phishers Tapping Botnets to Automate Attacks John Leyden Articles, Papers, and Reports	Community Recommendation	01/01/2004	2,304
CSD3554	Phishing on the Increase, Group Says Bob Francis Articles, Papers, and Reports	Community Recommendation	01/01/2004	2,191
CSD3557	Phishing Attacks Skyrocket in 2004 Dan Ilett Articles, Papers, and Reports	Community Recommendation	01/01/2004	2,740
CSD3558	Phishing: You Ain't Seen Nothing Yet Gregg Keizer Articles, Papers, and Reports	Community Recommendation	01/01/2004	2,373
CSD3562	Phishing: What It Is & How to Avoid It NYU Articles, Papers, and Reports	Community Recommendation	01/01/2004	2,473
CSD3563	Phishing Attacks: Don't Let Them Reel You In! Tracey Losco Articles, Papers, and Reports	Community Recommendation	01/01/2004	2,444
CSD3589	Simple Steps to Avoid Being Phished Sophos Articles, Papers, and Reports	Community Recommendation	01/01/2004	2,199
CSD3590	MailFrontier Phishing IQ Test II Certification, Education, Training and Tutorials	Community Recommendation	01/01/2004	2,189
CSD3617	A Collective Net to Catch Phishers Sarah Lacy Articles, Papers, and Reports	Community Recommendation	01/01/2004	2,169

Presentations (6)

Stepping away from the distractions of normal routine to meet with peers, share experiences, and learn together can be invaluable. EDUCAUSE places great emphasis on the face-to-face meeting experience, offering you numerous opportunities throughout the year to gather with colleagues - from small regional events and special topic meetings to large, national conferences covering the full spectrum of roles and issues important to higher education. For more information on EDUCAUSE conferences and seminars, please see our Frequently Asked Questions page. Listed below is the full range of presentations EDUCAUSE and its members tagged with Phishing

Item ID	Title	Resource Category	Pub Date	Views
SWRC09_48189	Beating a Dead (Trojan) Horse: Finding New Ways to Communicate the Same Security Message Marc Scarborough, Carlyn Foshee Chatfield, Carolyn Ellis, Steve Arnold and Annette Evans Presentations/Speeches	Southwest Regional	02/24/2009	743
SEC08052	Botnets and the Army of Darkness Craig A. Schiller Presentations/Speeches	Security Professionals Conference	05/04/2008	274
SPC0603	The Phishing Ecosystem: Analyzing the Dynamics for Maximum Defense Tracy S. Holt, Cathy Hubbs and Andrew Klein Presentations/Speeches	Security Professionals Conference	04/11/2006	2,913
CYB07002	The Commercial Malware Industry Peter Gutmann Presentations/Speeches	Cybersecurity Summit	02/22/2007	2,043
SPC0626	Winning the Battle Against Cyber Criminals Dan Larkin Presentations/Speeches	Security Professionals Conference	04/11/2006	3,226
SEC09_170525	Soft-Selling Tough Issues Presentations and Seminars	Security Professionals Conference	04/22/2009	259

Blogs (6)

EDUCAUSE hosts a number of blogs for its members. To view a list of all our blogs, click here.

Title	Blogger	Posted	Views
Social Networking Security: Social Anxiety	Valerie M. Vogel, EDUCAUSE	08/07/2009	281
Internet Crime Jumps 33 Percent- Good Time To Evaluate Your Campus Security Site?	Anna Gould, EDUCAUSE	04/01/2009	668
Protecting Your Institution from Phishing Attacks: Education and Awareness Resources	Valerie M. Vogel, EDUCAUSE	08/26/2008	643
FTC SPAM Summit Explores Next Generation of Threats and Solutions	Rodney J. Petersen, EDUCAUSE	07/24/2007	4,856
EDUCAUSE Security Professionals Conference 2006. Summary: The Phishing Ecosystem: Analyzing the Dynamics for Maximum Defense	Lida L. Larsen, EDUCAUSE	04/25/2006	4,103
EDUCAUSE Security Professionals Conference 2006. Summary: Winning the Battle against Cyber Criminals	Lida L. Larsen, EDUCAUSE	04/25/2006	4,874

Do you have a great resource that should be listed here? Email contribute@educause.edu with your recommendation!