Beware emails asking for personal information

Western Today staff

December 5, 2012

A friendly reminder from ATUS:

Phishing emails occasionally get through the university's spam filtering systems. Phishing emails are designed to install malware (e.g., spyware, viruses) and/or trick people into providing personal and private information, often usernames and passwords.

The latest example is a message that purports to be from Capital One. The message attempts to get recipients to click on a link that will then infect the users' machines. If you have clicked on the link, update your virus definitions and run a scan immediately. If you have shared account or personal information, contact Capital One at the number on your card to protect your account.

Phishing email messages are designed to look legitimate. You can help protect yourself by following these tips:

  • Do not share your personal invitation electronically (e.g., passwords, PINs, security questions/answers, banking/account numbers, etc.) WWU Information Technology Services will never ask you for your account name and password in an email. Any message that requests such information is bogus. It is also against WWU policy for you to share your password with anyone. A message asking you to change your password through your normal process is very different than a message asking for your password.

  • Remember that the return address on a message can be "spoofed". This means that that the address you initially see may not actually be the source of the message.

  • Do not open email attachments unless you requested it or are expecting it. Just knowing the sender (or thinking you know the sender) does not make the attachment safe.

  • Do not click on links in a message unless requested or expected. Links often point to malicious code that could install malware on your computer.

  • Be on the lookout for subtle language clues. Often these messages will use language constructs that are not typical.

  • If you have any questions about the content or instructions in a message you should always contact the source of the message. Checking a web page, making a phone call, or creating a new message is always safer than replying to a questionable message.

  • If you have responded to a message with your username and password or other personal information, you should immediately change your password and contact the ATUS Help Desk at x3333, or your local technology support staff.