TROY – Going “phishing” these days doesn’t include trips to a favorite pond.
For many students, faculty and staff at Troy University, it means the bait being cast is intended to reel them in.
Over the past several months, internet “phishing” scams have been slamming TROY email users, mostly posing as bank or credit card inquiries in an attempt to retrieve personal information law enforcement officials say can then be used to open fraudulent credit accounts.
“Phishing, also referred to as spoofing, is a variation on ‘fishing,’ the idea being that bait is thrown out with the hope that while most will ignore the bait, some will be tempted into biting,” said Troy Police Chief Anthony Everage.
Much to the enthusiasm of the fraudulent anglers, a number of Troy-area residents have been hooked, netted and fried, he said.
Some of those in recent months have been students and faculty members – victims of phishing and other identity theft schemes, said Dean of Students Herbert Reeves.
“We have that activity going on, and have investigated a number of instances,” he said.
In one of those instances, investigators tracked the identity theft to a medical office. Reeves said that case remained under investigation by local law enforcement.
“The important thing is to know that you shouldn’t respond to something you receive in email asking for personal and financial information,” he said.
University Police Chief Rod Anderson said most of the identity thefts he deals with revolve around individuals making themselves easy targets for thieves.
“We have so many students that make on-line purchases. When they go out on a website and make purchases, they may forget to log out of the screen or fail to turn off the computer. Someone will come behind them and get their personal information,” he said, citing a recent case where one student’s credit card information was used by another party to make unauthorized purchases.
In another instance, a student’s personal information was used to obtain cable TV service. Anderson estimates his department has investigated as many as 15 cases of identity theft in recent months, but that’s just a narrow view of the problem.
“If you count someone having their wallet or purse stolen and their credit cards used to make purchases, that’s identity theft as well. If a student has a dining card stolen, and it’s used to make purchases, that’s using someone else’s identity, too,” he said. “Make sure you secure your personal items, and don’t give out personal information to anybody – not your student ID, driver’s license number, date of birth, or anything.”
That’s a sentiment IT Director Greg Price has been preaching. In an all-users email in March, Price confirmed the phishing.
“Continue to be aware of all unsolicited email messages. A practice, commonly referred to as phishing, employs the use of bogus email messages and social engineering in an attempt to solicit personal information from end-users,” he said. “Before responding to banking or credit card email messages, consult your financial institution’s website. The website will have a security section. The security section will detail the institution’s electronic communications practices. Most major, US-based facilities do not send email to customers with requests for account information.”
Troy Police spokesman Sgt. Benny Scarbrough said identity theft is a real threat to personal bank accounts. Speaking before Troy Rotarians in April, he said that phishing emails look legitimate.
“They look like they are from legitimate sites,” he said, referencing one supposedly from Regions Bank. “The truth is that if a bank needs verification, they will call you on the telephone and not send a blind email. The bottom line is that these are scams designed to take your money.”
Most major, U.S.-based facilities will not send email to customers with requests for account information, Price confirmed.
“The latest phishing email messages to the Troy network are fairly sophisticated. The messages request that users verify account information. The email messages use several common, local bank names. When a link is selected, the end-user is transported to a bogus site housed in Korea; however, the address bar is very quickly masked with the name of a local banking institution, in an effort to deceive the end-user,” he said.
Bogus Ebay email has also found its way to TROY users, claiming Ebay accounts had been closed due to missing contact information.
“The email messages are cleverly designed. The header information contains legitimate Ebay abuse tags, as well as properly-forged return information. Additionally, the email message appears very authentic,” Price said. “The message requests that you click a link and verify the account information. The message actually transports the end user to a website called thugz.com. The site’s appearance is perfectly congruent with Ebay’s account verification site, and even has links to privacy and abuse data. However, the site is not maintained, or, affiliated with Ebay. The site’s sole intent is to gather end-user information in an effort to compromise user accounts.”
“Personal information can be obtained in any number of ways,” Reeves said. “With a name and a Social Security number, a thief has all he needs to steal money and ruin peoples’ credit.”
At the University, one safeguard has been the institution of a student identification number that is not a Social Security number.
“I’ve been pleased that students will give their student ID numbers rather than their Social Security numbers when they’re asked. That’s just one way of protecting them from identity theft,” he said.
Anderson agreed, saying the University’s transition away from Social Security numbers was a smart move.
“I think the University is ahead of the game by taking the Social Security numbers off the ID,” he said.
In addition to Anderson’s recommendation, the Troy Police Department recommends five basic steps for protecting oneself against identity theft:
Report an incident or suspected incident to police as soon as you are aware it has occurred.
Don’t give personal information to someone over the telephone or Internet.
Regularly delete cookies and cache from your computer.
Do not have personal checks mailed to your residence - pick them up from the bank.
Learn what phishing and spoofing e-mails are and how they can take advantage of you.
Even with such precautions, Scarbrough said it was difficult for individuals to completely prevent identity theft.
“Nothing will stop it entirely, but knowing what to do and reacting quickly if it does happen can save you a lot of grief and heartache down the road. Check your credit reports on a regular basis to be sure that what’s listed is actually yours,” he said.
Reeves said that another common way to avoid losses from identity theft was to take advantage of protection features offered by financial institutions.
“Most banks and credit card companies have a theft prevention program that notifies the card holder or account holder of inquiries and activity on an account,” he said. “This is a way to quickly stop identity thieves in their tracks.”