Fraudulent messages are designed to trick you into entering your password or personal information, or downloading malicious software.
Reading through so many emails and online messages is tiring. When we are tired, we tend to fall back on habits and let our guard down. Don’t let yourself be fooled into giving up your account and personal information. This article provides helpful information on how to recognize phishing and fraud attempts.
The difference between a legitimate email, message, or popup and a fraudulent or fake one is often subtle and hard to distinguish. Vigilance is needed to carefully review who is sending the message, the address that the message actually came from, and what the message says or is asking for.
Here are some common identifiers of phishing or fraudulent email:
- The sender’s name doesn’t match the email address name. A message claiming to be from Morty Mule, whose real address might be mmule@colby.edu, should not appear as coming from “temp20@gmail.com.”
- The message was sent from or involves a company that you don’t recognize or don’t have an account with
- Subjects or content that ask you to do something ‘or else’ something will happen, such as ‘your subscription will auto renew,’ or that otherwise convey a sense of urgency
- Subjects or content that are enticing or seemingly alarming—free items or money, job opportunities, and work-related surveys, finances, or complaints
- Vague references in the subject line or text, such as ‘RE: Your Account’ or ‘Dear Valued Customer’—if they know you have an account, they should know who you are
- Shared document alerts delivered by legitimate services (Google Drive, Microsoft OneDrive) claiming to be from someone you know

- Mismatched or odd-looking web URLs or links within the message, such as unnamed hosts (a direct IP address, e.g. http://10.42.107.92) and manipulated or invalid host names where the name does not match the company’s actual website, e.g. ‘ups-tracking.com’ instead of ‘ups.com/tracking.’ Search for the company’s website—if the company’s real website isn’t at the name referenced in the message, the message may be a fake.
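
The sender-name and link checks from the list above can also be run automatically over a message. The following Python script is an added example, not part of the original article or any Colby ITS tool; the `KNOWN_BRANDS` map, the function names, and the sample message are constructed for illustration, and the name-matching rule is a simple heuristic.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: a small hand-kept map of brand keyword -> real domain.
KNOWN_BRANDS = {"ups": "ups.com"}

def sender_mismatch(from_header):
    """True when no word of the display name appears in the address's local part."""
    name, addr = parseaddr(from_header)
    local = addr.split("@")[0].lower()
    words = [w for w in re.findall(r"[a-z]+", name.lower()) if len(w) > 2]
    return bool(words) and not any(w in local for w in words)

def link_findings(body):
    """Flag links that use a bare IP address or a host that imitates a known brand."""
    findings = []
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = (urlsplit(url).hostname or "").lower()
        try:
            ipaddress.ip_address(host)
            findings.append(f"raw IP link: {host}")
            continue
        except ValueError:
            pass  # not an IP address, so treat it as a host name
        labels = re.split(r"[.-]", host)
        for brand, real in KNOWN_BRANDS.items():
            if brand in labels and host != real and not host.endswith("." + real):
                findings.append(f"lookalike host: {host} (expected {real})")
    return findings

def check_message(raw):
    """Return a list of warning strings for one raw plain-text email."""
    msg = message_from_string(raw)
    findings = []
    if sender_mismatch(msg.get("From", "")):
        findings.append("display name does not match address")
    return findings + link_findings(msg.get_payload())

# Constructed sample message built from the article's own examples.
SAMPLE = """From: Morty Mule <temp20@gmail.com>
Subject: RE: Your Account

Track your package at http://ups-tracking.com/login or http://10.42.107.92/verify
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

A clean result does not mean a message is safe; the checks only cover the two indicators shown and the brands listed in the map.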
There are several things that should make you pause before continuing any online message or dialog:
- No one should ever ask you for your password or personal information (date of birth, address, etc.)
- Someone asking to communicate over text or SMS because they cannot communicate in person or over email
- Requests to transfer money, purchase gift cards, or make other financial transactions
- Messages with no clear purpose at all, e.g. “do you have a minute?”
Want to test yourself? Taking a simple online test is a great way to see how sharp your fraud-detection skills are.
If you receive a message that you believe is fraudulent and you do not know the sender, delete it. If you do know the sender and are suspicious about the message, contact the sender directly (at an address or phone number that you know) to verify the authenticity of the message—do not reply to the suspicious message or you may get a response from the attacker instead.
If you think you may have accidentally responded to or fallen victim to a phishing attempt, make sure to immediately change any accounts or passwords that may have been compromised, and notify the company managing the account to see if there are additional steps that need to be taken. If similar accounts use the same password, you should change them as well and not use that password again. If it is a Colby account, you may follow the instructions to change your password here: Change or Reset Your Password, and contact the ITS Support Center by phone (not from the suspected compromised account) at 207-859-4222.
If you have questions about email fraud or computer security, contact the Colby ITS Support Center at support@colby.edu or 207-859-4222, or stop by Lovejoy 146.