Publication Date: June 2006
Author: Katie Blot, Chief Information Officer
Summary: Security Alert -- Protect Against Identity Theft and Other Scams
Posted on 06-20-2006
We would like to take this opportunity to ensure that all of our Federal Student Aid partners are aware of identity theft scams such as Phishing and Pharming, which are growing worldwide.
Department of Education and Federal Student Aid users are not immune to these scams, and we urge you to review carefully the information and advice contained in this announcement and to share it with your staff as appropriate.
What is Phishing?
Phishing is a fraudulent, spoofed e-mail that looks like someone you do business with sent it. It will usually include official logos and look very authentic. The body of a Phishing e-mail may contain a message requesting that you update, validate, or verify your personal/Privacy Act protected information. The purpose of the e-mail is to get you to disclose personal/Privacy Act protected information such as PINs, social security numbers, account numbers, mother's maiden name, passwords, etc. Some e-mails may also contain links that take you to an "official looking" web site that sets up a scenario in which personal/Privacy Act protected information is requested. These web sites may not be legitimate!
Protecting Against Phishing E-mails
To minimize risk to yourself, if you receive Phishing e-mail:
What is Pharming?
Pharming is the next generation of e-mail phishing attacks. However, instead of a spoofed e-mail, it uses a URL that redirects you to a fraudulent URL without your knowledge. There are several methods the pharmer uses to accomplish this, all of which are very hard to detect. You might type a valid URL in your browser only to end up at a fraudulent site that looks just like the one you thought you were going to access.
Protecting Against Pharming
To minimize risk to yourself, if you receive a Pharming URL:
Reporting Phishing E-mails and Pharming
If you have already received or replied to a suspected Phishing e-mail that appears to be from the Department of Education, Federal Student Aid, or one of the Federal Student Aid systems or web sites (for example, the Common Origination and Disbursement (COD) web site) soliciting personal/Privacy Act protected information, please contact the Help Desk for that site so staff can investigate the e-mail. If you receive a suspected Phishing e-mail in the future, please also notify the Help Desk for that site.
If you have already received or replied to a Phishing URL or Pharming e-mail that does not appear to come from the Department of Education soliciting personal/Privacy Act protected information, you should contact the legitimate institution by telephone immediately and inform the institution of the e-mail. Attachment A provides additional information related to Phishing scams as well as additional guidance in protecting against them.
To assist you in protecting against Phishing and Pharming scams, we are attaching a document to this announcement for use by you and your staff. Attachment B is a brief summary of information about Phishing in a format that you can use to make copies suitable for posting.
Additionally, we want to make you aware of a Microsoft resource that is available to protect against Phishing scams. To check out the legitimacy of a web site-
This announcement may contain information about commercial entities. Inclusion does not constitute an endorsement by the U.S. Department of Education of any products or services offered or expressed.
We appreciate your immediate attention to this very important issue. If you have any questions about this announcement, contact Robert Ingwalson, Federal Student Aid Chief Security Officer. He can be reached by e-mail at Robert.Ingwalson@ed.gov.