Information Technology Security

What is "phishing"?
Phishing (pronounced the same as "fishing") is a practice of some computer criminals (here we'll call them "phishers"). A phisher sends out emails that are designed to trick the recipients into divulging sensitive information, such as Social Security Number, credit card numbers, bank account numbers, or passwords.

How can I recognize a phishing e-mail?
Learn from examples. See our Threats web page for many samples of past phishing emails received by USC email users.

How has phishing affected USC?
Phishers have often targeted USC email accounts with their scams, trying to convince recipients to reveal their email passwords. If even one person out of thousands falls for the scam, and sends their password, the phisher can then use that account to send thousands of spam or phishing emails. When major email services (AOL, GMail, Yahoo, Hotmail, etc) detect spam or phishing e-mails coming from our mail servers, they block us. Then no USC email accounts can send mail to these destinations until they remove their block.

What is USC doing to combat phishing?
University Technology Services (UTS) is responsible for maintaining email services for most of USC. In response to an increase in phishing attacks, UTS has implemented the following countermeasures:

• User Awareness Campaign:
  The poster shown below is being distributed around campus.
• Phishing Email Tagging:
  Phishing e-mails cannot be detected with 100% accuracy through automated means, and therefore blocking is not feasible. Instead, UTS is now automatically tagging any suspicious e-mail as "POTENTIAL PHISHING ATTEMPT" in order to warn the recipient.
• phishing@sc.edu:
  UTS is monitoring this email address. Users who receive phishing emails are encouraged to forward them to this address.