Watch out for email scams - don't get phished!

Phishing is the common name for email scams that try to trick you into giving up your account information.  The scam emails usually try to scare you by saying your account will be deleted, canceled, terminated, or you will lose data if you don't login to the website.  When you click on the link, the scam website usually looks similar to a legitimate website and asks for your account information.

If you enter your account information on a scam website, you are giving the scammer full access to your Wellesley account, not just your email.  While they seem to be only using the accounts to send more spam, if they have access to your account, they have access to the following:
  • Your MyWellesley account, which includes salary info, pay stubs, tax information, health information.
  • Your Google Apps account, which they can download your email, contacts, and files in Drive and scan them for personal information.
  • Accounts setup using your Wellesley account will now be accessible to them too.  They look for common popular sites such as Amazon, online banking info, and online credit card info.
  • If you used the same password on other sites, those sites are now compromised too.  Never use the same password twice!

Current email phishing scam - November 2015

The screenshots below are phishing scams that have been sent to Wellesley email addresses, from compromised Wellesley accounts.  Over 100 people with Wellesley College accounts have been compromised since 11/9/15 because they entered their account information in the phsihing scam website below.

Phishing Scam Email Phsihing Scam Email


If you click on the Cancel Account button in the phshing scam email above, you will be sent to a scam website that is very similar to an actual Google login website.  You can see how similar they are in the examples below.  The only difference is that the scam website address is "data:" and the actual website has a lock next to it and starts with "".

Scam website

Actual Google website

A few general rules about emails from Library & Technology Services:

  • ​They ALWAYS address you by your name.  
    • We would never send an email that started with "Hey User"
  • They ALWAYS have a staff member's name in the signature.
    • ​We would NEVER send an email from "Accounts Department INC"
  • Websites that ask for account info will ALWAYS have a lock icon next to the website.
    • Scam websites won't have the lock icon and won't be familiar website names.

How to Spot a Phishing Scam

  • It asks for your username and password (we will never ask you for your password!)
  • It points you to a weird-looking website address (such as or, and not our websites.
    • Only use your Wellesley account on websites that start with or
  • It isn’t signed by a staff member from Library & Technology Services
  • It says something scary, such as deleting, cancelling, terminating, or disabling your account.
    • Your account will only be disabled if your status at the College changes. 


Steps to avoid being phished 

  • Never respond to emails or pop-up messages that request personal or financial information
  • Be cautious about opening attachments or downloading files from emails you receive
  • Use anti-virus and anti-spyware software and keep them updated
  • Monitor your credit card and bank accounts regularly
  • Confirm that the website you are visiting is secure (URL begins with "https://" and site has a padlock icon in the browser window)

How to report an email phishing scam

If you think you have recieved an email phishing scam, here are some things you can do:

Quickly report it to the Help Desk:

  1. Forward the email to
  2. DO NOT click on any of the links or reply to the email until you get a response from the Help Desk.
  3. The Help Desk will respond during their normal hours.

Report additional details of the email to the Help Desk:

  1. When viewing the phishing scam email, next to the reply button on the left, there is a small button with triangle pointing down on it.  Click on that and select Show Original.
  2. You should now get a new tab that has a lot of text that includes detailed information about the email.  Copy all of the text by pressing Control-A (Windows) or Command-A (Mac OS X) to select all of the text, then right-click on the highlighted text and select Copy (or press Control-C / Command-C).
  3. Create a new email to, with the subject "Possible phishing scam?" and in the body of the email, right-click and select Paste (or Control-V / Command-V).  This should paste the information from the Show Original window into the email. You can now send the email to the Help Desk and they will investigate it.

Report the phishing scam email to Google.

  1. When viewing the phishing email, and click on the down triangle and click Report Phishing.  
  2. You will then be asked if this really is a phishing scam. Click Yes.  
  3. This will report the phishing email to Google and put the email into your Spam folder.

Get more tips from

For more information about phishing go to: