LATTE (course materials)
Library Catalog (books & more)
(databases and articles)
eJournals A-Z (online journals)
Research Guides (subject guides)
Account Tools (passwords & more)
Get Help! (technology and library)
Detecting Email Scams
Email scammers are constantly finding new ways to trick people into giving up personal information. It's important to remain aware of the techniques used, and be wary of any suspicious emails you may receive. If you're unsure you can always forward a copy to firstname.lastname@example.org. Below you can find some common traits found in email scams.
One of the most common practices in email scams is using a deceptive link. Scammers will put a link in the body of an email that appears to go to a trusted source, but actually links elsewhere. For example, here is a link that says www.brandeis.edu, but it actually links to google. Always make sure you know where a link will take you before you click. Hover over the link or check the bottom status bar on most browsers and email clients for true the link location. Scammers can also use link shorteners such as bit.ly or tinyurl.com to create a trustworthy looking link.
IP Addresses in the URL
If you ever see an IP address in the shown or the real URL, be suspicious. For example: http://220.127.116.11 links to the IP address 18.104.22.168 which is the website brandeis.edu. It's unlikely that a trustworthy source is using an IP address instead of a registered domain name.
Untrusted Source Address
If you are unfamiliar with the domain name sending you the message (the part following the @ in an email address, such as brandeis.edu) be cautious. Scammers will often register fake domains for short periods of time, or hijack access to a legitimate domain in order to trick you. You can find out more about who registered a domain name by performing a WHOIS query on the domain.
Passwords on HTTP Website
Websites that request sensitive information such as passwords start with HTTPS:// and websites requesting non sensitive information start with HTTP://. Email scammers often create websites that ask for sensitive information such as passwords and don't bother using HTTPS://. If you see a website asking for sensitive information that is not HTTPS:// this is a red flag that you're looking at an email scam.
Be wary of any email attachments. Make sure they are from a trusted source before downloading or opening them. If you're unsure if the attachment is dangerous try uploading it to virustotal.com where dozens of security programs can test the attachment.
Passwords and Sensitive Information
Brandeis will NEVER ask you for your password nor would any other legitimate business or institution over email. It is important that you safeguard your passwords and never give them to anyone, especially via email.
Obvious Grammatical, Formatting or Spelling Errors
Another important indicator is the general presentation of the email. Email messages that claim to be from a business or reputable source should not contain errors in grammar, spelling or punctuation.
The “Phish Tank"
The information security department regularly shares examples of email scams arriving at Brandeis. Visit the Brandeis Phish Tank to see these examples.