Phishing: Why would predators target me?
People often think that phishing is just about email. It’s not. The real goal of a phishing campaign is to harvest your username and password, giving the phishers access to all of the information that you have access to.
You may think, “Well, what information do I have access to that anyone else would want?” Even if you don’t realize it, the answer is “a lot”. For example...
- If you are an employee of UW-Platteville, your username and password provide access to MyWisconsin Portal and subsequently, your W-2s listing your name, date of birth, address, and social security number: everything needed to steal your identity.
- It’s a similar situation for students, whose username and passwords provide access to PASS, the campus database that contains not only your grades and course schedules but also home addresses, financial aid information, social security numbers, and the like.
- Academic advisors have access to student enrollment and grade information. Data that is federally protected by FERPA regulations.
- A faculty username and password could provide someone access to test questions, unpublished manuscripts, or hard-earned research.
- PLUS as an employee – even student employees – your username and password may provide access to University systems with lots of OTHER people’s information. Vigilance is recommended for everyone’s sake.
In short, your University of Wisconsin-Platteville NetID and password are your gateway to more than your Office 365 account, and they are more valuable for phishers than you may realize. Always maintain a healthy dose of paranoia when asked for personal information from a stranger – whether by email, phone call, texting, or even snail mail. And remember – ITS will never ask for your password. Never, ever. Seriously!
Contributed by Valerie Cowling, ITS system administrator