Spoofed Messages & Phishing


Spoofed messages are a kind of spam designed to look like they originated from a person or organization you could be familiar with. A spoof could also be a message that looks like it was meant for someone else but was sent to you by accident, or a returned e-mail that appears to have originated with you but contains a message you didn’t send.

Many spoofed messages are harmless. However, a message designed to get you to provide personal information, or download software that will steal that information from you — a tactic often referred to as “phishing” — is a particularly dangerous kind of e-mail spoof because cyber criminals can use your sensitive information to steal your identity, your personal information, or your financial assets.

*NOTE: If you are unsure whether an e-mail is real or if you receive an e-mail message that is abusive or harassing in nature, report it to abuse@bu.edu. If possible, it is helpful to include full headers when forwarding a message.

What does a phishing e-mail message look like?

Phishing e-mails and the links contained in them typically ask for personal information such as:

  • Name
  • Social security number
  • User name
  • Password
  • Credit card information

Examples of Phishing E-mails

How Can I Protect Myself from Phishing?

If an e-mail asks for your password, it is a scam. Delete it!

Remember, Boston University will never ask for your login and password information via e-mail.

A popular phishing technique asks you to reply to a message and send your password. As an example, you could receive a message claiming to be from some seemingly official (but non-existent) entity, e.g., “The BU.EDU Upgrade Team,” saying that the mail system is being upgraded and your account will be deleted unless you respond immediately and provide your password. Please keep in mind that Boston University will never ask for your login and password information in this format.

Don’t follow links, and never provide personal information.

You should never follow links offered to you in unsolicited mail or provide any personal or financial information, just as you wouldn’t when you receive an unsolicited phone call. This should be your guideline no matter how tempting, frightening, or persuasive the mail seems. Remember that, given an awareness of the problem of phishing, legitimate companies won’t use this method of approaching you. If you do feel compelled to respond or that you must check out something sent to you in an e-mail, don’t use a link in the e-mail message to do that. Use your browser to go to the known and trusted website (PayPal, for example) by typing in the URL/web address yourself and log in there.

You can tell where a link is going by hovering over it with your mouse. Don’t click. Hover. As a general rule, if the e-mail message is lying to you about where the link wants to send you, it is a scam.

Don’t open attachments that you weren’t expecting.

Many viruses are designed to send out spoofed e-mail messages. Such a message could originate from any infected PC in the world that happens to have your address in a file (e.g., the address book) or that happens to have auto-generated your address in some fashion. Some, although not all, of these messages will come with an attachment designed to spread the virus to you. Viewing such an attachment puts your computer at risk.

Filter out spam.

Spam is always annoying, and it can be dangerous too: spam e-mail often contains viruses, spyware, or phishing exploits. You can protect yourself from many of these hazards by filtering spam.

When in doubt…

If you are unsure whether an e-mail is real or if you receive an e-mail message that is abusive or harassing in nature, report it to abuse@bu.edu. If possible, it is helpful to include full headers when forwarding a message. If you have questions, contact the Service Desk at (617) 638-5914.

If it’s too late…

If you responded to a suspicious e-mail message and provided your password, you should immediately change your password and scan your computer for spyware and viruses. Depending on what information you provided, you may also need to take steps to protect your credit card and bank information.

If you believe you have been a victim of phishing, contact the BUMC IT Service Desk at (617) 638-5914 or bumchelp@bu.edu.

Phishing Resources

FraudWatch International Phishing Alerts

FBI New E-Scams & Warnings