Phishing

Snopes.com defines phishing as "a term which refers to the online imitation of a company's branding in spoofed e-mail messages and web sites, created with the intent of fooling unsuspecting users into divulging personal information such as passwords, credit card numbers, PINs, etc. A typical 'phish' e-mail will appear to come from a financial institution (such as a bank or credit card company), informing the recipient that some type of problem has affected his account and directing him to follow a provided hyperlink to clear up the problem. The hyperlink leads not to a legitimate site, however, but to a server (usually in another country) on which an imitation web site has been set up. The fooled customer is then prompted to enter confidential personal information (collected by the scammers for perpetrating identity theft) and (usually) redirected to a legitimate web site to obscure the fact that he just gave away data to crooks."

Phishing sites can also include malicious elements that are intended to take advantage of web browser vulnerabilities. Even if you don't enter personal information on the spoofed web site, you could be putting your computer's security in danger simply by clicking on the link in the spoofed message. The best way to protect yourself from phishing scams is to never click on the link in an unexpected or suspicious message you receive.

It's a scary world out there! But, with a little know-how, you can minimize the risks...

The Internet has made the world a much smaller place. While its benefits are tremendous, connecting us to others and to volumes of instant information on any subject anywhere in the world, its downside includes dark alleys frequented by criminals intent on harming you, your computer, and/or your information.

In the physical world, it used to be that you knew which dark alleys or bad neighborhoods to avoid. Today the Internet, with all its benefits, has also brought the dark alleyways to your computer. As such, it takes much more vigilance to protect yourself and your computer from would-be criminals.

Some of the risks you encounter simply by surfing the Internet include, but are not limited to: Identity Theft, viruses and worms that infect your computer, spamming, and spyware infections.

So how do you stay safe? Here are some quick tips:

  • Be suspicious of attachments and unexpected e-mail messages.
    • Use antivirus software to scan anything that you receive in your e-mail.
    • True company-based e-mails never send attachments.
    • Make sure the link actually goes to their site and not a spoofed one!
  • Be careful about clicking on embedded web links in e-mail.
  • Be cautious about web sites you visit.
  • Don't enter sensitive information on a site you don't trust.
  • Make sure online transactions are actually secure (look for the lock on the bottom right of your browser window).
  • Don't just click on a link; copy it into your web browser and open it that way. That even includes ITS links in the e-mails we send! (Online criminals can hijack your web session and take you somewhere else that may only look like the site you intend to visit.)
  • Don't click on pop-ups or ads.
  • Be wary of e-mails asking for personal or financial information.
  • Keep your operating system and antivirus software up to date so that your computer can help you in the fight.
  • Don't let your browser be "helpful" by allowing auto fill-out of forms.
  • Use common sense. If it sounds weird or too good to be true, it probably is!
  • Be wary of unsolicited technical advice.
  • Remember, e-mail messages shouldn't be considered secure. Because e-mail can be forwarded to anyone, consider the messages you send public information.
  • Always remember to log off when connecting to secure web sites such as UCCS Webmail and the myUCCS portal. If you do not, the next user of the computer may have access to your data.
  • Public computers may not always be securely configured and can pose a threat to your privacy by storing your password or web cookies. Think twice about going to a secure site if you cannot verify the security of the computer.

More tips from the Federal Trade Commission (FTC)

  • If you get an e-mail or pop-up message that asks for personal or financial information, do not reply or click on the link in the message. Legitimate companies don't ask for this information via e-mail. If you are concerned about your account, contact the organization in the e-mail using a telephone number you know to be genuine, or open a new Internet browser session and type in the company's correct Web address. In any case, don't cut and paste the link in the message.
  • Don't e-mail personal or financial information. E-mail is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization's Web site, look for indicators that the site is secure, like a lock icon on the browser's status bar or a URL for a web site that begins "https:" (the "s" stands for "secure"). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
  • Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
  • Use antivirus software and keep it up-to-date. Some phishing e-mails contain malicious software that can harm your computer or track your activities on the Internet without your knowledge. CU-Boulder has anti-virus software available for current faculty, staff, and students.
  • Be cautious about opening any attachment or downloading any files from e-mails you receive, regardless of who sent them.
  • Report suspicious activity to the FTC. If you get spam that is phishing for information, forward it to itsecure@uccs.edu. If you've been scammed, visit the FTC's Identity Theft website to file a report and learn how to minimize your risk of damage from ID theft.

Content provided by CU Boulder