Don't take the bait! This page shows example email threats, such as phishing scams, that you should avoid. Phishers are fishing for your personal information, such as passwords and credit card numbers. Never provide this information by replying or following links in the email. Under no circumstances will CUS or other members of the CIS department ask for your password. If in doubt about the legitimacy of an email, contact CUS. To learn how to keep yourself protected, visit our phishing page.
To report a phishing scam you receive, email it (with full headers) to firstname.lastname@example.org.
Google Doc scam - Posted
Be careful with emails from people you don't know linking to what purport to be trusted sites. Hover your mouse over the link to see where it really goes! In this case, www.flowersnemotions.com, not Google at all! Phishers also use Google docs to collect names and passwords, so beware of those as well.
From: Matthew Jarvinen <email@example.com>
Date: Mon, Feb 23, 2015 at 7:33 AM
Subject: Important, view attachment
An important document sent to you via Google Docs Apps.
Bank details request - Posted
Phishers will often browse a company or school web page to harvest names of important people at the school, and specially craft targeted emails. Since these are specially directed emails they are called spear phishing.
Hope you are having a splendid day. I want you to quickly email me the details you will need to help me process an outgoing wire transfer to another bank.
I will appreciate a swift email response.
See please. Thank you - Posted
Variations of this email are trying to trick community members into updating their contact information. The link redirects to a "wix.com" website requesting information such as date of birth, username, password, and email address. Do not submit your information!
From: Angelo, Dana
Date: December 20, 2014
To: undisclosed recipients
Subject: See please. Thank you
Please open and update!
Mail News Update! - Posted
Here is another phishing message making its rounds within the community. Don't forget it's easy to spoof the "From" address in a message so don't assume the message is legit even if you recognize the sender's address. The URL in the message actually links to a different non-Reed website (see image below).
From: Reed College <firstname.lastname@example.org>
Subject: Mail News Update!
To: Recipients <email@example.com>
This Email is from Reed College, we will be making some vital E-mail account maintenance to ensure high quality in Internet connectivity in the 2014 fight against spam and improve security, all Mail-hub systems will undergo regularly scheduled maintenance.
To confirm and to keep your account active during and after this process
Kindly Click or copy the Universal Web Link and fill the following
3203 SE Woodstock Blvd, Portland, OR 97202•
Here is what the phish website looks like:
REED College Web Login - Posted
This phishing message is cleverly crafted and at first glance appears to be authentic. The sender name is similar to an actual staff member, and the link redirects to a nearly identical looking Reed Web Login page. Look closely at the URL and you will see it is bogus. Do not be fooled by this one!
From: "Access Services Assistant"
Subject: REED College Web Login
It has recently been observed that some users have difficulty logging into REED College Web. Please use this link to check your access.
If you can't login, contact at firstname.lastname@example.org.
Access Services Assistant
Reed College Library
3203 SE Woodstock Boulevard
Portland, OR 97202-8199
If you follow the link in the message, the website looks like this: