Q: What is a phishing email?
Answer
Almost everyone has received an email message with a subject line such as "Your account has been suspended." or "We need to verify your password." These subject lines, coupled with a spoofed (i.e., forged) return address such as Administrator@mit.edu, Admin@ebay.com, or AccountsDept@(your bank).com, can confuse the untrained "fish." Further, the messages themselves often contain logos and trademarks that add to the deception.
When trying to determine if email is authentic or not, remember one very important detail: no legitimate company will ever send you email requesting your username, password, or any other personally identifying information.
Things to look for to verify the email is a phishing email:
- Spelling errors and bad grammar
- Odd formatting (e.g., incorrect use of capital letters or punctuation)
- No real person's name included in the message
- A return or reply-to email address that is not from mit.edu. You can view "full headers" to see what is listed as the actual return address.
- If a password is being requested, you know the email is not legitimate. No legitimate business will ever request your password. Look at what else is being requested as well (e.g., a request for your sex and country or territory should be a tip-off that this would never come from MIT)
- No mention of a phone number to call or person to contact
- Deleting an account due to lack of response: MIT doesn't do things like this to our community.
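The "full headers" check above can be automated. The following is an added example, not MIT's code: it parses a raw message with Python's standard email library, compares the domains of the From, Reply-To and Return-Path headers against an expected domain (mit.edu, as on this page), and flags a body that asks for a password. The sample message is constructed for illustration.

```python
import email
from email.utils import parseaddr

# Constructed sample: the visible From claims mit.edu, but replies and
# bounces go to a different domain, and the body asks for a password.
SAMPLE = """\
From: "MIT Webmail Support" <webmail@mit.edu>
Reply-To: webmail-verify@example-mailer.net
Return-Path: <bounce@example-mailer.net>
Subject: Your account has been suspended
Content-Type: text/plain

Please reply with your username and password to confirm your account.
"""


def address_domain(header_value):
    """Return the lowercased domain of the address in a header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def header_findings(raw_message, expected_domain="mit.edu"):
    """Return a list of warnings about the address headers and body of a message."""
    msg = email.message_from_string(raw_message)
    findings = []
    # Reply-To and Return-Path are where replies and bounces actually go;
    # a domain other than the expected one is the classic tell.
    for name in ("Reply-To", "Return-Path"):
        dom = address_domain(msg.get(name))
        if dom and dom != expected_domain:
            findings.append(f"{name} points outside {expected_domain}: {dom}")
    from_dom = address_domain(msg.get("From"))
    if from_dom != expected_domain:
        findings.append(f"From is not an {expected_domain} address: {from_dom or '(missing)'}")
    # A request for a password is disqualifying on its own.
    body = msg.get_payload(decode=True) or b""
    if b"password" in body.lower():
        findings.append("message asks for a password")
    return findings


if __name__ == "__main__":
    for finding in header_findings(SAMPLE):
        print("WARNING:", finding)
```

Note that the From header itself is trivially forged; the Reply-To and Return-Path values show where a reply would really land.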
Examples of "Phishy" Emails
Emails arriving from spoofed addresses such as "network@mit.edu," "support@mit.edu," or "webmail@mit.edu" ask MIT community members to confirm their email accounts by supplying their username and password.
THESE MESSAGES ARE NOT COMING FROM MIT! They appear to be coming from an MIT email address but are in fact coming from an address that has either been hacked or simulated. MIT will never ask you to confirm or supply your passwords.
DO NOT REPLY TO THESE MESSAGES! Just delete them.
To Learn More
There are several ways to hone your skills for recognizing phishing emails. Here are some quizzes that other companies and schools have provided for user education:
- Anti-Phishing Phil Demo from Carnegie Mellon University: http://cups.cs.cmu.edu/antiphishing_phil/new/index.html
- SonicWALL Phishing and Spam IQ Quiz: http://www.sonicwall.com/phishing/
If You've Fallen for a Phishing Scam
Change your email password immediately. If you think someone has already gained access to your email account and you are concerned about the privacy of your email contents, contact security@mit.edu, who may be able to do a forensic exam on your account. Hackers have been known to hijack an email account within 30 minutes of receiving a username and password and use that account to send out thousands of spam messages.