Phishing

Phishing is a social engineering scheme that tries to get your to give your account information to scammers.

Phishers use the information they receive to steal your identity for use in spamming, fraud, information gathering, and monetary gain.  Phishing is usually done by sending email to many users and asks for account information.  

Wellesley College will NEVER ask for your account information via email, and most companies have steeered away from this practice as well, so if you do get an email asking for your account information from anyone, be wary of complying with the email request!

How to Spot a Phishing Scam

 

  • It asks for your username and password (we will never ask you for your password!)
  • It points you to a weird-looking URL (we use www.wellesley.edu or web.wellesley.edu most commonly)
  • It isn’t signed by a staff member from Library & Technology Services
  • It says something about your quota, upgrading an email server or your account (Google does all of that quietly for us)

Recent Phishing emails at Wellesley

  • Check out the Catch of the Day in the upper right corner of the LTS home page

Steps to avoid being phished 

  • Never respond to emails or pop-up messages that request personal or financial information
  • Be cautious about opening attachments or downloading files from emails you receive
  • Use anti-virus and anti-spyware software and keep them updated
  • Monitor your credit card and bank accounts regularly
  • Confirm that the website you are visiting is secure (URL begins with "https://" and site has a padlock icon in the browser window)

How to report a phishing scam

Reporting a phishing scam email helps LTS and Google act quickly and attempt to stop and block these emails from spreading.  Please follow the directions below to send the information to LTS and to report the email to Google.

  1. Open your Gmail email in a web browser and view the phishing email.
    • Google scans all emails for malware and viruses, and current phishing scams have not included malware or viruses when you just view the email.  
    • DO NOT click on any website links in the email!
  2. Next to the reply button on the left, there is a small button with triangle pointing down on it.  Click on that and select Show Original.
  3. You should now get a new tab that has a lot of text that includes detailed information about the email.  Press Ctrl-A (Windows) or Command-A (Mac OS X) to select all of the text, then right-click on the highlighted text and select Copy.
  4. Create a new email to helpdesk@wellesley.edu, with the subject "Possible phishing scam" and in the body of the email, right-click and select Paste.  This should paste the information from the Show Original window into the email. You can now send the email to the Help Desk and they will investigate it.
  5. Now view the phishing email again, and click on the down triangle again.  This time, click Report Phishing.  You will then be asked if this really is a phishing scam. Click Yes.  This will report the phishing email to Google.

Get more tips from OnGuardOnline.gov

For more information about phishing go to: www.antiphishing.org

Test your phishing IQ -

Take the SonicWALL Phishing Quiz!