Recognize and Report Email Scams
Email scams (known as phishing) are a common method to trick you into visiting a fraudulent website, opening an infected document, or logging in to "validate your email account."
Challenge
The IRS needs your information now! A friend or colleague shared a document with you! Your account will be shut off! Is the email real? How do you know?
Email scams (known as phishing) are a common method to trick you into visiting a fraudulent website, opening an infected document, or logging in to "validate your email account." These emails, websites, documents, or login pages may be obviously fraudulent, or may look exactly like the University's login page. Higher education institutions are popular targets for these scams.
Solutions
Recognize Email Scams
- From official-sounding senders like “UMN Edu Team,” “Service,” “HelpDesk,” “Customer Service,” or even a colleague, professor, or friend.
- Include threats of dire consequences if you don't act quickly. You are asked to pay ransom to access your data.
- Links to a login page that may or may not look exactly like the University's login page but the web address does not end in .umn.edu or may be shortened by services like TinyURL.
- May ask you to open a shared document you may or may not be expecting.
- May ask you to bypass policy/procedures.
- May ask you not to tell anyone.
- Learn to recognize the difference between fake and official University Google login page
- Learn what to do with SPAM-unsolicited commercial email
What Not to Do
- DO NOT give your passwords and other sensitive information to an unverified party online, over the phone, or in person.
- DO NOT click any links contained in the message.
- DO NOT open any attached files or shared documents.
- DO NOT provide personal information such as passwords in a reply to an email.
- DO NOT submit passwords through Google Forms.
- DO NOT violate policy.
Report Email Scams
- Check the examples on the Phishing Scams Targeting the University blog.
- If in doubt, reach out! Ask for a second opinion ([email protected]). Forward the original text of scam email to [email protected] (include email headers if possible).
- The report in Gmail (select the “Report spam” button or “More” and then “Report phishing” option; this helps to educate Google).
Take Immediate Action If You Think You Are a Victim
- If you responded to a scam email or clicked on a link, immediately change your University Internet password and account secrets.
- If you opened an attached file or shared document, your files, identity, personal information, or the University’s data may be at risk. Contact Technology Help staff.
- Visit identitytheft.gov to learn about immediate protective actions you can take.
Download Handout
Download and post our Recognize and Report Email Scams handout (PDF). It can help you remember how to identify and protect yourself from Phishing scams and identity theft.
Do-It-Yourself Resources
Good Practices
A strong password or passphrase uses a combination of length and character types. Learn what to do and not to do to keep it safe. For extra protection, use two-factor authentication where available.
Challenge...
Get tips on how to choose safe passwords or passphrases, how to keep yourself safe from identity theft, and how you can help protect University information.
Follow a few steps to change your Internet ID password with a Technology Help staff member. If you already have security questions set, you may change it yourself on the Internet Account Options page.
About Us
Information Security Incidents
Report suspected information security incidents, including suspected loss or disclosure of University private data, immediately to [email protected]
Email Scams
...
If you have questions about who is responsible for your data, its security level, and applying information security standards, email [email protected].
Resources
OnGuardOnline.gov provides information on how to reduce the amount of spam you get and how to report non-University related spam to the Federal Trade Commission (FTC).
Resources
The Federal Trade Commission (FTC) provides information on how to recover from identity theft, including who to contact based on what was stolen.
Resources
To avoid the risk of fraud and loss of money, follow these best practices when making tuition payments. Resource from University vendor Flywire. Learn more at isss.umn.edu/new/tuition.html.