Tips for spotting scams

Woman using a laptop computer leaning against a couch with the logo for Secure U overlaid on the image

You know when someone has broken into your car - a window or door is broken, items are missing, your security alarm was set off, or a neighbor reported suspicious activity. But how can you tell if someone is trying to rob you of your online identity or information?

You set up security systems at home, put a lock on your bike, and passcode your phone, all in the interest of keeping yourself, your belongings, or identity safe. But there are many more ways to protect yourself online, and learning how to recognize when you are being targeted is very important.

Digital scams could be in the form of an email, text, phone call, computer malware or popup, and more. Many times, scammers try trick recipients with standard-looking emails or browser pop-ups, which attempt to get you to click links, or voluntarily sign in to share information unknowingly. These scams may look or sound legitimate, which is why they are so sneaky. They may claim to be from the University or a trusted institution like the IRS or Microsoft support. These scams are a common method used to get you to visit a fraudulent website, open an infected document, or log in to “validate your email account.” Some scam attempts, over email, text, or phone ask you to share personal information or make monetary transactions immediately. The truth is, such scams can lead to theft, including data loss and identity theft.

What do they want?

Your data is valuable. Think about all of the bits of information and items you have saved on your phone, your computer, or online… user IDs, photos, or documents for school or work. There are many things tied to your account that would be valuable to a scammer, such as:

  • Personal messages and photos
  • Google or Skype chats
  • Your location and GPS information, which can be used to track or impersonate you
  • Social media account information (Facebook, Twitter, Tumblr, Instagram, and more)
  • Online shopping accounts and passwords (like Amazon or Target)
  • iTunes, Spotify, or YouTube account information
  • Hulu or Netflix account information
  • Bank account or credit card information, that can be sold for credit fraud
  • Email contacts or addresses, which can be used for phishing
  • Google Docs, Sheets, or Slides
  • UMN Box or personal Dropbox files
  • UMN confidential email or sensitive documents that contains private data
  • Passwords
  • … and much, much more

Consider what a scammer could do with this information... they could extract your personal data or photos, know your location or when you will be out of town next, access your financial information to steal from you, spam your work, school, or personal contacts, or even just watch some Netflix on your dime.

How can I recognize a scam?

While it’s true that a scam could be almost anything and they are constantly evolving, there are some helpful hints when trying to identify a message as a scam or phishing attempt:

  • Phishing (scam) emails may appear to come from anyone, including “UMN Edu Team,” “Service,” “HelpDesk,” “Customer Service,” or even a colleague, professor, or friend.
  • The email may include threats or dire consequences if you don't act quickly.
  • The content might include poor spelling, grammar, or formatting that looks unprofessional or suspect.
  • It could include a link to a login page that may or may not look like the University's login page, or could be shortened by services like tinyURL, or look like Google or Dropbox.
  • The message may ask you to open a shared document you may or may not be expecting.

Remember, the University will never ask you to provide your username and password via email.

How can you protect yourself?

It is always important to be cautious when giving out or saving personal information online or over the phone. Here are a few guidelines for protecting yourself from digital scams:

  • When in doubt, throw it out. Delete anything - emails, messages, DMs - that looks suspicious.
  • Create strong passwords or passphrases.
  • Use a different password or passphrase for each account.
  • Change your passwords periodically - when you change your password you assert control over your account.
  • Enroll in Duo Two-Factor Authentication at the University to add an extra layer of protection to your personal information.
  • Stay up to date on popular scams or those targeting the University of Minnesota by visiting z.umn.edu/phishing.
  • Reach out and ask: [email protected].

The best way to protect yourself and your personal information from digital scams is similar to the way you would protect yourself at home or on the road. Be aware of your actions and your surroundings, become familiar with common ways that information is accessed or stolen, and if you feel like something is suspicious or questionable, report it quickly and ask for help.