Phishing and the Consequences

Phishing is an online fraud technique used by criminals to entice you to disclose personal information. It is the fastest rising online crime method used for stealing personal financial information and perpetrating identity theft.

Phishers use many different tactics to lure you, including email and web sites that resemble well-known, trusted institutions. A common phishing practice involves spamming recipients with a fake message under the name of a trusted institution. The purpose of this fake message is to trick you into providing personal information.

People who respond to phishing e-mails, and input the requested financial or personal information into e-mails, websites, or pop-up windows put themselves and their institutions at risk. Additional information regarding Phishing scams is available at

Personal risk

  • Phishers can use the data to access a victim’s account and withdraw money or purchase merchandise or services.
  • Phishers can use the data to open new bank or credit-card accounts in a victim’s names, and use the new account to cash illegitimate checks or purchase merchandise.
  • Phishers can install computer viruses and worms on a victim’s computer and disseminate the phishing e-mails to still more people.

Institutional risk

  • When phishers successfully obtain user credentials for some systems, they not only gain access to the accounts that use the credentials, but they can potentially access high-value institutional data such as social security numbers, banking information (such as direct deposit), health information, student data, etc.
  • Internet or financial services companies can blacklist institutions, resulting in reputational damage.
  • When an institution is blacklisted, its ability to communicate with members of the community (prospective students, student athletes, faculty and staff; alumni, partners, friends, etc.) is diminished.
  • We use the valuable time of staff members (IT, legal, HR and financial departments) to address the issues caused by phishing and by blacklisting, rather than applying their skills to more productive work.

Sharing Your Password

Sharing your password with ANYONE is a violation of the University’s Responsible Use policy, and poses a significant risk to you and to the University. (See Responsible Use of IT Resources at

If the OIT receives a report that your account has been compromised, we will block all access (including your own) to your account, and you may be required to visit the OIT Help Desk to request your access to be restored. In addition, an authorized OIT technician may confiscate your workstation(s) for analysis and needed repairs.

We offer a variety of alternate methods to accomplish most tasks that might otherwise require you to share User IDs and passwords. If, for example, your job requires you to have access to your manager’s schedule, or to send email on his or her behalf, the OIT can accommodate this without password sharing. If you have a specific need, please let us know, either via your local IT support persons, or via the OIT Help Desk.

Your Responsibilities

To review your responsibilities in protecting University data, please review the online security training available here.