What is Phishing?
Phishing scams are attempts by hackers and cyberciminals to steal personal information or hijack computing resources for nefarious purposes. The most common (and most successful) phishing scams are emails that appear to come from a legitimate source (for instance, APU Help Desk, your bank, eBay, PayPal), which contain a link that directs you to equally legitimate-looking web pages. These emails almost always ask you to verify some detail about your account by going to this legitimate-looking web page and entering your account credentials or other personally-identifiable information.
If you provide personal information on these sites, you risk losses through fraudulent use of your credit cards or bank accounts, even full-blown identity theft. If you give out your APU NetID and Password, you're giving out easy access to the entire APU network. More often than not, this results in APU network resources being used to distribute spam, which in turn leads to email from apu.edu being blocked by ISPs and major companies. This means that until the particular situation is discovered and rectified by APU and resolved, anyone with an email address in the domains that have blocked apu.edu will not receive email sent from Azusa Pacific University.
The reality is that no bank or other financial institution, or the APU Help Desk, or Microsoft, is going to send this kind of request by email, because they know that it's an insecure way to transfer confidential information. These emails and websites are simply fronts for stealing your identity or using your computer's processing power to send spam. If no-one ever believed them, they would stop sending them. But because there's always someone who acts on these requests, they keep coming.
What You Can Do
To avoid becoming a victim of a phishing scam, just stop and think any time you find yourself tempted to click on a link in an email.
- Does the email contain spelling mistakes?
- If you hover your mouse over the link, does it display a different URL than you would expect from that sender?
- Check the web address in the address bar. If the website you are visiting is on a secure server, it should start with "https://" ("s" for secure) rather than the usual "http://". Look also for a lock icon on the browser's status bar.
- And never, ever volunteer your APU NetID and Password in an email.
Additionally, a suspected spam/phishing email can be forwarded to firstname.lastname@example.org for verification.
Keeping your antivirus software up-to-date will go a long way towards protecting you against phishing attacks. Educate yourself about identifying fraudulent messages - check out these games and quizzes for a fun way to learn more:
If you do accidentally send your APU NetID and Password via email, immediately change your password in the Account Center and call the Help Desk at (626) 815-5050 so they can take action to prevent problems.
What APU is Doing to Help
Google's spam filtering uses a variety of mechanisms to identify and block messages containing certain key words and phrases that indicate spam, and to lock accounts out of the network that appear to be being used for spamming. Google's spam filter also makes extensive use of Real Time Black Lists also known as RBLs (independently-maintained lists of IP addresses known to regularly send spam). If any organization does block the apu.edu domain, IMT reaches out to them to re-establish a connection; and is continuously updating anti-phishing strategies to best protect everyone.
Last Updated: 07/17/15