How to Avoid Phishing Scams

Objective

Avoid Phishing

To protect yourself against phishing scams, consider the following:

• Rensselaer will never use email to request that you reply with your password, full Social Security number, or confidential personal information. Be suspicious of any email message that asks you to enter or verify personal information, through a website or by replying to the message itself.
• Never reply to or click the links in such a message. If you think the message may be legitimate, go directly to the Rensselaer's website (i.e., type the real URL into your browser) or contact Helpdesk to see if you really do need to take the action described in the email message.

Red Flags

• Does the message ask for any personal information? (User ID, password, RIN)
• Does the "From" email address look like either someone you know, a business you work with, or a proper RPI email account?
• Are there lots of recipients to whom the email is addressed?

Example of a phishing scam

From: "RPI.EDU SUPPORT TEAM" <supportteam01@UNC.edu>
Reply-To: "RPI.EDU SUPPORT TEAM" <spupportteam@info.lt>
Date: Sat, 12 Jul 2008 17:42:05 -0400
To: <"Undisclosed-Recipient:;"@cs.rpi.edu>
Subject: CONFIRM YOUR ACCOUNT

Dear RPI.EDU email Subscriber

Your account was recently signed in from an unknown Location, 
CLICK HERE <http://verify.co.in>for verification to avoid account being suspended.
 
You are to send your mail account details which
are as follows:

*User Name:
*Password:
*Date of birth:

Failure to do this will immediately render your email address deactivated from our database.

Thank you for using RPI.EDU
FROM THE RPI.EDU SUPPORT TEAM