Phishing ScamsCIS will NEVER ask you for your password, and you should never give your password to anyone. Ignore any email message asking for your password.
Phishing is a scam where fraudsters attempt to trick users into divulging personal or financial information such as usernames, passwords, social security numbers, birth dates, pin numbers and credit card/account numbers. Many phishing attempts come as email, but other forms include phone calls, text messages, and web browser pop-ups.
Phishing scams attempt to look like legitimate messages from a trusted party such as a financial institution, credit card company, or even Computer User Services here at Reed. Many are emails asking you to urgently update your account or verify your identity. The email may contain company or college logos and a seemingly legitimate link to a website identical to that of the claimed sender. Don't take the bait or your personal information will be at stake!
- Never reply to a suspect message!
- Don't click on the web link or use the phone number provided in the message
- Hover your mouse over the link in the message and see if it redirects you to a different website. If so, be suspicious.
- Confirm the legitimacy of the message through other means:
- Use an existing bookmark or manually type in the known web address yourself
- In the case of a financial institution, use the customer service phone number listed on your paper statement or on the back of your credit card
- Always use a secure website when submitting credit card numbers or other sensitive information in a web browser (look for a security lock in the address bar and a URL that starts with "https://")
- Check the validity of a website using Google's Transparency Report tool: https://transparencyreport.google.com/safe-browsing/search
- Check statements regularly for unauthorized transactions
- Use different passwords for each account that is tied to financial or sensitive information (ie, banking, credit cards, etc).
In Gmail (mail.reed.edu), view the offending message. In the top right of the message screen, you'll find an arrow (the "Reply" button) and to the right of that is a set of three dots. Click this to access an options menu, and select the "Report Phishing" option.
For more information, please visit our webpage on reporting spam and phishing scams.
Here are a few steps you can take to protect yourself against attacks directed at the Reed Community.
- If you notice a suspicious link, hover your mouse over it so you can see the full URL.
- Look for a lock symbol when accessing or using any sensitive information, such as your login information or your credit card information.
- Most browsers use this as a way to indicate that the website has a https:// address. This is a way for browsers to let you know that the website is secure. You can confirm this at the start of the URL as well by looking for https:// at the strart of your URL.
- Next, notice the end of the first section of your URL. If you are linking to a secure Reed website this should include a prefix ("idp" in the example below), followed by ".reed.edu". If your URL is in another format, it is not likely an official Reed link and should be reported as phishing.
- The rest of URL can contain other sections and text, but it is best practice to make sure they are related to the where you intended to link to.
CIS posts current phishing examples on our threats webpage.
We are now seeing fairly convincing phishing scams targeted directly at the Reed community. View some examples of these phishing attacks.
If you ever have doubt about the legitimacy of a message you have received, contact Computer User Services at x7525!
Phishing Examples: Phishing emails and messages that have targeted the Reed community
Identify Email Attacks & Hoaxes: Guidelines to follow when you suspect email viruses, worms, spam, or other attacks
Anti-Phishing Training Game: An interactive game that teaches you how to identify phishing emails
FTC: How to Not Get Hooked By a Phishing Scam
FTC: Identity Theft
Check the Validity of a Website: Google's Transparency Report tool lets you see if a website is legitimate and safe to use
If you have questions or concerns, email the CUS Help Desk or call us at x7525.