Chief Information Security Office Marc Scarborough warned the Rice community about phishing emails in a campuswide notice March 18 to help them avoid becoming a victim.
“With income tax forms due in about a month, criminals are taking advantage of the opportunity to commit tax fraud by stealing confidential information via cleverly disguised ‘phishing’ emails,” Scarborough said.
He noted that staff members with access to W-2 forms have recently received a phishing email that looks like it came from someone at Rice asking for confidential financial information about some employees. “But the email was actually from an outsider who probably intends to use that information to submit fraudulent tax forms,” Scarborough said.
The “from” address in the phishing email had been forged to show someone’s rice.edu email address, but replies to that email would go to an external address, Scarborough said.
“Please remember that confidential and sensitive information, including employees’ W-2 forms and Social Security numbers, must always be protected,” he said.
He reminded employees that if they are ever asked for confidential or sensitive information via email and need to provide that information by email in return, they should do the following:
* Call the sender to verify that the request came from that person.
* Encrypt the confidential information before sending it. (For instructions on how to encrypt information, go to http://bit.ly/1TSFY8o.)
* Do not include the password in the email with the encrypted attachment. Instead, call the recipient to relay the password.
Scarborough said phishing refers to Internet scams in which someone impersonates a business to trick you into giving out personal information by clicking on links or responding to an email. Employees and students who have a question about an email or suspect an email is a forgery — or who realize they have fallen for a phishing scam — should notify the IT Help Desk as soon as possible at 713-348-HELP or help@rice.edu.
Leave a Reply