Malicious Email

Print PDF

Identifying scams, phishing attempts, and other malicious email:

• If IITS asks for you to take action, we will reference a page on our secure web site. This will help you determine whether an email that appears to come from IITS is legitimate. How can you tell the site is secure? Notice that the URL begins with HTTPS and that your browser displays an image of a padlock on the URL line or the status bar, indicating the site is verified and encrypted.
• Verify email requests. In a phishing attack, somebody pretending to be a trustworthy source tries to trick you into revealing sensitive information such as email passwords or bank account information. Common phishing attempts come from sources pretending to be IT departments, banks, government agencies and Internet Service providers. Confirm any suspicious email messages by phone, a secure web site, or other trusted contact information. Do not open attachments, click on web links, or reply to bogus emails; instead, delete the message.
• Be selective about the web links and attachments you open. Attachments and web pages can house malicious code, leaving your computer vulnerable to viruses or remote attacks. Although an email or web site might seem very official, emails and web pages can be spoofed.
• Never send passwords or other sensitive information via email. Email is not secure. It is against IITS policy to request your password or other sensitive information via email. In fact, reputable sources should never ask you to send sensitive information by email.
• If you accidentally reply to an email requesting your Haverford account password, reset your password immediately. Our password changing tool is on our secure web site. Note, the Computing Center will reset your password if we learn that you responded to a phishing email. If you have trouble accessing your email account, please call the ProDesk.
• Be alert to unusual computer behavior. If you notice anything unusual, such as the wrong name appearing in your email account, your computer running unusually slow, or your browser loading the wrong web pages, please contact the ProDesk immediately. These are common symptoms of a compromised computer or email account.
• Use common sense. There are many other potential email hazards. Be wary of get-rich-quick and quick-fix emails. If you have any doubt about a message, check with IITS.

Still unsure? The ProDesk is happy to answer your questions!