To protect yourself against phishing scams, consider the following:
- Rensselaer will never use email to request that you reply with your password, full Social Security number, or confidential personal information. Be suspicious of any email message that asks you to enter or verify personal information, through a website or by replying to the message itself.
- Never reply to or click the links in such a message. If you think the message may be legitimate, go directly to the Rensselaer's website (i.e., type the real URL into your browser) or contact Helpdesk to see if you really do need to take the action described in the email message.
- Does the message ask for any personal information? (User ID, password, RIN)
- Does the "From" email address look like either someone you know, a business you work with, or a proper RPI email account?
- Are there lots of recipients to whom the email is addressed?
Example of a phishing scam
From: "RPI.EDU SUPPORT TEAM" <supportteam01@UNC.edu> Reply-To: "RPI.EDU SUPPORT TEAM" <firstname.lastname@example.org> Date: Sat, 12 Jul 2008 17:42:05 -0400 To: <"Undisclosed-Recipient:;"@cs.rpi.edu> Subject: CONFIRM YOUR ACCOUNT Dear RPI.EDU email Subscriber Your account was recently signed in from an unknown Location,
CLICK HERE <http://verify.co.in>for verification to avoid account being suspended.
You are to send your mail account details which are as follows: *User Name: *Password: *Date of birth: Failure to do this will immediately render your email address deactivated from our database. Thank you for using RPI.EDU FROM THE RPI.EDU SUPPORT TEAM