Phishing
IT will NEVER ask for your password via email and always communicates systems or account changes in advance.
“A technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person.”
Source: NIST CSRC Definitions
If you receive an email that you believe to be a phishing attempt or other inappropriate unauthorized use of a College email account, please report this to phish@tcnj.edu
Best practices to avoid phishing email:
• Use common email sense. Period. The main point is, you shouldn’t automatically trust any email message
• Don’t assume that emails from friends or colleagues have safe links or attachments
• Be extra suspicious of emails that relate to current events
• Do your research on emails that request immediate action.
• If there is a Web link inside a message, parse the URL to understand its genuine origin.
• Be careful about providing personal information on social networking sites.
• Be wary of unexpected text messages on your mobile phone.
Examples would be a message from your bank that asks you to update your account information. You click on the link, the legitimate bank site opens, then a page opens up on top asking you for your account info. This info page DOES NOT belong to the legitimate site. If you fill out your personal information and submit it, the info will go to the “phisher” to be sold or used to steal your identity.
Samples
Subject: Mailbox Quota Limit Exceeded
Your mailbox quota limit has been exceeded.
Visit below link to fill-in the re-activation form.
Subject: Federal Tax payment rejected
Taxpayer ID: commensurate-00000700955060US
Tax Type: INCOME TAX
Issue: Unreported/Underreported Income (Fraud Application)
To download your tax statement from Internal Revenue Service (IRS) website (click on the link below):
Subject: TCNJ: Verify this email account
TCNJ: The College of New Jersey
Follow the link bellow for faster, better Webmail.