We're here to help you identify phishing attempts and to protect your account information.You can always forward suspicious emails to OIT support if you're unsure about the legitimacy of a message. That said, there are also some telltale signs of email scams you can use to keep your personal information safe on the internet.
What's phishing?Phishing is an attempt to get you to reveal logins, passwords, account numbers and other personal information through emails or instant messages that claim to be from a business or organization you interact with, like your bank, a credit card company or a government agency.
Recognizing phishing attempts
Phishing attempts have been around for years, and you may have seen some targeted at the St. Edward's community. Often, you can recognize a phishing email by the following characteristics:
- It asks for a username and password. No one from St. Edward's will ever ask you to provide your password via email.
- The message usually says you need to "update" or "validate" your account information.
- It might threaten some dire consequence if you don't respond, like that you'll lose your account if you don't verify your information.
- The "From" address is clearly bogus or is clearly not a St. Edward's address. Other times, though, the message may contain a "From" address that looks legitimate. Unfortunately, it can be easy to spoof a sender's address.
- The email itself may contain frequent spelling errors.
- The message directs you to a website that looks like a legitimate organization's site, but it's not. The purpose of the bogus site is to trick you into divulging your personal information so the phishers can steal your personal information. If you hover your mouse over the web address (don't click!), you can see the full URL, which is usually markedly different from the real company's web address.
Never give your password out via email to anyone — not us, not your bank, not your credit card company. If you're suspicious of an email and it has a link to a site that asks you to enter your login and password, don't do it. Use the web address you know to access the site, not the link you received in the email. Many phishing attempts make use of company logos to make the site seem legitimate.
What happens when someone replies to a phishing attempt?
Once compromised, your email account can be used to send spam to thousands of people. When that happens, the St. Edward's email domain becomes suspected of being a source of spam and that can lead to all @stedwards.edu accounts being blocked by other email providers.
If you answer a phishing email to your St. Edward's email account, your account will be blocked. You will not be able to log in and check email until you reset your password.
Internet safety tips
- Be suspicious of email attachments from unknown sources.
- If you suspect the message might not be authentic, don't use the links in an email to get to any web page. Instead, call the company on the telephone, or log on to the website directly by typing in the web address in your browser.
- Verify that attachments have been sent by the author of the email. Newer viruses can send email messages that appear to be from people you know. This is known as "spoofing" a sender's address.
- Install all Microsoft security updates.
- Update your anti-virus protection weekly.