Phishing and Fraudulent Email

Telling the difference between a legitimate email, message or popup and a fraudulent one is not easy. Vigilance is needed to carefully review who is sending the message, the address that the message actually came from, and what the message says or is asking for. Some common methods of identifying phishing or fraudulent email include messages that contain some of the following elements:

  • Claims to be from a company or vendor that you do not have an account with
  • Illustrating a heighten urgency of the request
  • Unable to communicate in person or voice call, requesting a cell phone number to continue conversation via text/sms. 
  • Spelling or grammatical errors in the subject line or text
  • Vague references in the subject line or text, such as ‘RE: Your Account’ or ‘Dear Valued Customer’—if they know you have an account, they should know who you are
  • Requests for unnecessary or irrelevant information (such as a date of birth)
  • URL/website links within the message, such as unnamed (direct IP address, i.e. http://10.42.107.92) and manipulated or invalid host names (the name does not match the vendor’s or has been manipulated)
  • Requests to transfer money or purchase gift cards
  • No clear purpose at all – i.e. “do you have a minute?” 

Test yourself by taking a simple online test.

If you receive a message that you believe is fraudulent and you do not know the sender, delete it. If you do know the sender and are suspicious about the message, contact the sender directly (at an address or phone number that you know) to verify the authenticity of the message – do not reply to the suspicious message.

If you think you may have accidentally responded to or fallen victim to a phishing attempt, make sure to immediately change any accounts or passwords that may have been compromised. If it is a Colby account, follow the instructions to change your password here: www.colby.edu/password. If it is a vendor (bank, credit card, online merchant) account, contact that vendor to have your information changed.

If you receive any email or other message on your computer requesting personal information (such as an account name, password, date of birth, or social security number), please review the following information before continuing any further. Always remember that Colby Information Technology Services (ITS) will NEVER request your personal information over electronic mail. Furthermore, you should always avoid sending any personal information via electronic mail.

As always, if you have questions about email fraud or computer security, contact the appropriate Colby ITS Support Center at support@colby.edu, 207-859-4222 or stopping by Lovejoy 146.