A-to-Z Index

Computing Homepage

Information Technology Help Desk

Operational Hours and Exceptions

Internet Fraud:

Phishing (as in fishing for victims)


Learn how to avoid fake e-mail and web sites and protect both your JMU and personal accounts. View the video and take the IsItReal? game challenge.

  •  Look Where You're Going - hover over email links to make sure they're pointing to a domain associated with the message. For JMU, that would almost always be jmu.edu. For non-JMU messages, you'll need to acquant yourself with the organizations' official web sites and domains. Online tools can help. If in doubt, don't click.
  • Look Where You're At - if you click a link and get to a web site, look at the browser address bar and make sure it displays a domain associated with the organization you think you're dealing with. For JMU, that would almost always be jmu.edu. For non-JMU organizations, you'll need to acquaint yourself with the organizations' official web sites and domains. Online tools can help. If in doubt, close the browser.

We continue to see increasing numbers of fraudulent e-mail messages trying to convince people to visit fraudulent web sites in order to steal their passwords, bank account numbers, credit card numbers and other sensitive data. Fraudulent messages pretending to be from local banks, such as BB&T, SunTrust, and Wells Fargo, have also been seen.

These scams use e-mail messages to cast a net for victims. They are made to appear as though they come from banks and other businesses you may trust. The messages contain links leading to malicious web sites that duplicate the business' web sites in almost every detail and that ask for passwords, credit card numbers, and other sensitive information useful to criminals. It can be very difficult to tell the difference between an official web site and one set up by criminals to mimic an official one and they are getting more sophisticated.

The face values of web links in email, web sites, instant messages, and other locations cannot be trusted to make critical decisions such as whether to supply sensitive information or download software on to your computer.  They're as useless and as easily forged or disguised as the return address on a post card or the FROM address on an email message.

It is best to avoid typing sensitive data (account numbers, passwords, credit card numbers, etc.) into unfamiliar web sites or those led to by links in unexpected or unusual e-mail messages. It is also prudent to avoid clicking links in such e-mail and instant messages especially those that are blatant spam or phishing messages as they sometimes lead to web sites that will infect visiting computers. For the same reason, it is also best to avoid downloading software from such web sites.

Use a known good web link and/or verify the message contents over a known good secondary channel (phone number, email address, etc.).

General recommendations for handling unsolicited messages can be found on the JMU SPAM web page.

If you receive such a message, you may report it to authorities by forwarding the message, preferably with full mail headers, to spam@uce.gov and/or the owner of the site being forged (e.g. abuse@suntrust.com, abuse@ebay.com, or the address supported for this purpose by the organization).

Can you tell the difference?


Identity Theft Help

If you typed sensitive information into one of these criminal's web sites it is likely the information you provided will be, or already has been, sold or misused. To limit loss in such a case, review the recommendations at the following web sites after contacting the organization whose site was forged.

Issuing a credit freeze at the three credit bureaus may be the most effective financial identity theft protection you can buy. It will prevent people from pulling your credit score which will hopefully keep them from extending credit in your name. You can unfreeze the accounts for a specified amount of time if you are in the process of applying for credit. There are charges associated with both the freeze and unfreeze activity unless you have documented proof of identity theft. You'll also want to be absolutely sure you do not lose the PIN you receive that allows you to unfreeze your account. Be sure you understand the advantages and disadvantages. Here are some sites and articles with more information:

Links to the Credit Bureau sites:

  • Straight Talk about Identity Theft Monitoring Services - Privacy Clearninghouse