- Library & Technology
- Hours & Locations
- Help
- Library Collections
- Library Research
- Technology Support
- Getting Started
- Policies
- About Us
- Friends of the Library
Phishing
Phishing is a social engineering scheme that tries to get your to give your account information to scammers.
Phishers use the information they receive to steal your identity for use in spamming, fraud, information gathering, and monetary gain. Phishing is usually done by sending email to many users and asks for account information.
Wellesley College will NEVER ask for your account information via email, and most companies have steeered away from this practice as well, so if you do get an email asking for your account information from anyone, be wary of complying with the email request!
How to Spot a Phishing Scam
- The sender is unknown
If you don’t know the sender, don’t open any attachments or click on any links. - Email contains anonymous greeting
Phishing emails will not usually use your name in the greeting (e.g., “Attention:, Dear Customer, Hello, etc.”). - Email asks for personal information
Sender requests an account number or password, or for you to verify information about your account. - Email has an urgent warning
Urgent tone attempts to scare you into responding without thinking (e.g., by sending information or money or by clicking on a link). - Message is poorly written
Message contains ALL CAPS, spelling and grammar errors, or writing is fragmented.
Recent Phishing emails at Wellesley
-
May 2013: The most recent phishing email that has appeared on campus had the subject "Attention", said that your Mailbox Quota exceeded its size, asked your to re-validate your account, and was signed at the bottom as coming from "Wellesley University". The website links were to various sites that were not on wellesley.edu.
Steps to avoid being phished
- Never respond to emails or pop-up messages that request personal or financial information
- Be cautious about opening attachments or downloading files from emails you receive
- Never respond to spam messages or click an unsubscribe link in a spam message
- Visit banks' websites by typing the URL into the address bar
- Use anti-virus and anti-spyware software and keep them updated
- Monitor your credit card and bank accounts regularly
- Confirm that the website you are visiting is secure (URL begins with "https://" and site has a padlock icon in the browser window)
How to report a phishing scam
Reporting a phishing scam email helps LTS and Google act quickly and attempt to stop and block these emails from spreading. Please follow the directions below to send the information to LTS and to report the email to Google.
- Open your Gmail email in a web browser and view the phishing email.
- Google scans all emails for malware and viruses, and current phishing scams have not included malware or viruses when you just view the email.
- DO NOT click on any website links in the email!
- Next to the reply button on the left, there is a small button with triangle pointing down on it. Click on that and select Show Original.
- You should now get a new tab that has a lot of text that includes detailed information about the email. Press Ctrl-A (Windows) or Command-A (Mac OS X) to select all of the text, then right-click on the highlighted text and select Copy.
- Create a new email to helpdesk@wellesley.edu, with the subject "Possible phishing scam" and in the body of the email, right-click and select Paste. This should paste the information from the Show Original window into the email. You can now send the email to the Help Desk and they will investigate it.
- Now view the phishing email again, and click on the down triangle again. This time, click Report Phishing. You will then be asked if this really is a phishing scam. Click Yes. This will report the phishing email to Google.
Get more tips from OnGuardOnline.gov
For more information about phishing go to: www.antiphishing.org
