There has been an exponential increase in the number of phishing attempts against MU students, faculty and staff, according to the Division of Information Technology.

Despite having tools in place to filter such emails, some still manage to slip through.

“I get emails from the Internal Revenue Service, and I know I have no business with them, so I know that it is a phishing attempt,” said Terry Rob, director of strategic planning, project management and marketing for the division.

The phishing scams are emails from corporations asking for confidential information. The emails will appear to be authentic, even having the company logo, but the hacker, or phisher, controls the account sending the emails.

“If you have no business with the business, you have no business opening the email,” Robb said.

Information gathered via the scam can be used to steal the identity of the person, money from his or her bank accounts or even to send malicious emails and messages from social network accounts.

The best way to avoid getting phished is to delete the email, according to the department. The email can also be sent as an attachment to abuse@missouri.edu, which is checked every day.

Phishing is essentially an identity theft, and it is popular enough on the Internet for Congress to enact federal laws. The penalties for identity theft are a three-year sentence for basic violation and a maximum fine of $250,000 for individuals, according to the American Bar Association.

The Anti-Phishing Act of 2005 was introduced in Congress on March 3, 2005, but it was not enacted. This act would have increased the prison sentence for convicted phishers to five years.

Users can prevent getting phished by turning on the firewalls and updating the anti-virus software on their laptops, among other reasons. More tips are available on the division’s [“Make it Safe” website](http://makeitsafe.missouri.edu/phishing.html).