How to avoid "phishing" scams

Your login information -- your user name and password -- can be subject to "phishing" attempts. These can be best described as emails sent to you that appear to be official messages from the Physics & Astronomy Help Desk, asking for information about your account.

But they're not what they seem to be. They're fake messages from computer "hackers" who want to steal your login information.

Simply put, the most important advice we can provide is this:

Do not click on a link that tells you to type your password.

We will never send you an email asking you to do this.

Even if these emails claim to be from Physics & Astronomy Computing and IT Support, even if they include something that looks like our department website logo, and especially if they ask for your login credentials, these are attempts by people outside our network to get enough information from you to break into your email account.

Once outside hackers gain access to your email, they can block your ability to login. They can use your account to send spam messages to the world. They can send emails to your contact list, using your identity, to ask for money.

If hackers gain access to your email account they have the ability to completely disrupt email services for the entire department.

Be suspicious if you receive an email with any of the following:

  • Requests to update your email account by clicking on a link
  • An attachment, such as a PDF file, that once opened includes a link to click to update your account
  • A "From" line that includes a non-Physics & Astronomy email address (gmail, yahoo. etc.) or has an obscured, generic "From" line, e.g. "Email Support" or "Computing Services"
  • Wording such as: "Failure to update your account will result in suspension of your email privileges"
  • Poorly worded or ungrammatical English
  • Requests that ask for your password to verify your identity
     

Any of these are red flags that something is not right with the email.

To see some real examples of suspicious email sent to Physics & Astronomy accounts, and to better recognize the warning signs, read more here.

The Computing and IT Support Group will never send you an email asking you for your password. If someone does so, you can be sure that the email is not legitimate.

If someone or something you've never seen before asks for your password, you can verify the request via our helpdesk.

Copy and paste the email into the ticket and ask us to verify whether it has come from the Computing and IT Support Group. We will be able to confirm whether it's an official email from Physics & Astronomy.

If your account is compromised, we will disable it immediately without any warning to you.  We will try to get in contact with you, but sometimes we don't have any other means.  If you find your account is suddenly inaccessible, please open a helpdesk ticket so one of us can assist you.

Until then, please keep yourself safe and do not give your password to anyone.

An added safety note: Do not re-use old passwords, particularly after your account has been reset after a phishing attempt. Hackers who gain knowlege of your old password may assume you will use it again. Change your password periodically to keep your account safe. If you have trouble remembering new passwords, consider a password management option like LastPass.

If you have any questions, please contact us via a helpdesk ticket or by phone.