UW Police are cautioning students to protect themselves from a form of identity theft called "phishing."

Phishing, in which scammers use e-mails and Web sites to obtain personal information from unsuspecting victims, has become the most common type of Internet-based fraud.

UW Police Chief Ray Wittmier explained how these scams work.

Typically, the victim will receive an email that appears to be from a legitimate business, like a bank, saying personal information needs to be updated.

The e-mail will usually provide some sort of plausible explanation for this, for instance, that there is a scheduled software update that necessitates some sort of account verification.

Very often, the e-mail will even claim there has been a breach of account security that requires the customer to re-enter their information, Wittmier said.

"They get you to buy into a concern about identity theft," Wittmier said. "And then they're the ones stealing your identity."

Wittmier said these e-mails will typically contain a link to what looks like a company web page, where the victim is invited to "re-enter" their personal information.

"They'll ask you for a whole range of information, like your Social Security number and your birthday — all the things you would need to steal someone's identity," Wittmier said.

This personal information is then directly sent to the scammer.

Most of the phishing scams target the financial industry – almost 90 percent of all phony Web sites and e-mails come from scammers pretending to be banks, credit card companies or financial firms.

Others claim that the victim has been approved for account credit if they complete an online survey.

Some of these fake Web sites even contain the logos of legitimate businesses, so they can be hard to distinguish from the real thing.

A subtype of this form of fraud is called "vishing".

Vishing schemes operate much the same way, except they use voice-over Internet protocol instead of web pages to obtain the victim's information.

Instead of directing the victim to a Web site, the e-mail provides a telephone number, often a toll free number, for the recipient to call.

These scams are also fairly effective because banking by phone is common so people generally feel comfortable giving information over the phone.

UW police urge students to be aware of the problem and protect themselves from Internet fraud.

Messages that are supposedly from banks or financial institutions that ask for personal information should set off a red flag that something is not right — these institutions already have account info and will never ask their customers to re-submit it electronically, Wittmier said.

One should therefore never use links or telephone numbers contained in e-mails to give personal information.

"I know it's sometimes tempting to sign up for a credit card because they're offering you a free gift or something," Wittmier said. "But you really have to be cautious about what you share and limit how often you put that information out there."

Should you receive such an e-mail, the UW police advise verifying where the message came from by calling the business directly from a number known to be legitimate.

To verify messages from banks, UW police suggest calling the number provided on a bank statement.

For credit card companies, call the phone number provided on the back of a credit card.

If a discrepancy is discovered, report the message to a government authority. Regulatory agencies that specialize in this type of crime are the Federal Trade Bureau or a FBI field office.

Reach reporter Siv Prince at news@thedaily.washington.edu.