Phishing: Scams in Email
Phishing is a technique that identity thieves use to steal your personal information such as passwords or financial information. Like a fisherman using a lure to hook a fish, identity thieves try to lure you into giving up personal information by pretending to make a legitimate request from an organization you trust. Unfortunately, phishing scams can be highly effective.
Phishing can be very easy to spot or it can be surprisingly subtle: if you receive an email or phone call from an institution that you don't do business with, it is usually easy to recognize the message as a phishing scam. However, increasingly sophisticated phishing attempts use emails and phone calls that are crafted to look and sound like an official message from your bank, credit card company, or even Brandeis University. It is important that you learn to spot phishing attempts - no matter who they appear to be coming from - to protect yourself and your personal information.
What information should NOT be sent by email?
Train yourself not to respond to unsolicited emails or phone calls that request sensitive information, no matter how convincing they may sound or how well you think you know the sender. Never send these types of information over email:
- Passwords and other account information
- Social Security Numbers
- Financial information (credit card numbers, bank account numbers, etc.)
- Any information you've used for a password reset question
Note: Brandeis University will never ask you to send your password or to update account information over email.
How can I spot a phishing attempt?
The best way to spot a phishing email is to look for clues that the person or organization sending the email is NOT who they say they are. Learn more about how to spot phishing attempts.
Spotting phishing emails and phone calls is a skill that everyone with an email account or phone number must learn. Remember, email messages can be tweaked to avoid filters; caller ID systems can be spoofed. No technical solution can block phishing attempts 100% of the time.
What should I do when I spot a phishing attempt?
First and foremost, do not click any links or reply back to the email. In most cases, just receiving a phishing email doesn't put you in danger. When you spot a phishing email, inform LTS by forwarding it to firstname.lastname@example.org.
If you are not sure a phone call is legitimate, do not give out any information. You can confirm whether a phone call is legitimate by calling the organization back at a known good phone number.
How can I reduce the amount of phishing emails and spam that I receive?
Don't use your University email address for personal services; a better practice is to use low value temporary email addresses from Gmail, Microsoft, or Yahoo to sign up for non-University mailing lists or services. Apple and Microsoft provide additional advice.
What if I need help determining if an email is actually from Brandeis?
If you are unsure if an email really is from Brandeis University, email email@example.com. When in doubt, please contact us. We would rather help you determine whether or not a message is legitimate than have you deal with the pain of a compromised account.
Where can I find out more about phishing?
To see a list of documented email scams or to see if an email you received is a scam:
To learn how the online community is battling the phishing epidemic:
To take a quiz to help you spot phishing scams:
To help combat the phishing problem by reporting a scam to an online database:
To report phishing emails to the United States Computer Emergency Readiness Team (US-CERT):