Helpful Tips for Protecting Your Online Information
Online identity theft often begins with phishing, usually in the form of emails pretending to be from organizations you trust, such as USC. The hijacking of your account credentials through phishing can lead to the theft of your academic, financial, or personal information and can result in your account being used to send phishing attacks or spam.
You can protect yourself by using caution when replying to unsolicited email. Follow these guidelines to protect your personal and financial information:
- Never disclose personal or financial data via email.
- Be suspicious of any email message that contains urgent requests for personal or financial information, even if the message appears to be from a trusted source (PayPal, eBay, your bank, etc.)
- Do not click links in any email messages that you suspect are not legitimate. Instead, open a new browser window and manually type in the official address of the site, as verified from other sources, such as the back of your credit card, communications from your bank or financial institution, or from other published sources. For more information on suspicious links, see Before You Click That Link on the ITS Security Blog.
- Before submitting credit card or other sensitive information online, verify the security of the website by making sure that the web address begins with https rather than http. Traffic is encrypted over https:// connections, whereas traffic is not encrypted over http:// connections.
- Regularly review your bank, credit, and debit card statements to verify that all transactions are legitimate.
- Keep your browser up to date and make sure to apply all released security patches.
You can help combat phishing by sending copies of the original message, including the full message headers, to ITS.
The full headers of the original message contains details about the source of the message and will help ITS to more effectively investigate and block phishing.
Step-by-step instructions for forwarding email headers are available on the Reporting Phishing page on the ITS website.