Tuesday, August 20, 2013

Detecting Phishing and Scam Emails


Learning how to distinguish legitimate emails from scams is an important skill, and telling the difference can be very straightforward. The most important thing you can do is pay attention when you read emails. Also note that Whitman College will never ask for your passwords, either in an email or in person. You will always have to type them out yourself.

A phishing email might ask you to provide sensitive information within the email. Take a look at the following recent email:

This email has not been proofread, as its serious grammatical errors make obvious. Second, if you hover your mouse over the "click here" link, you can reveal the URL it will send you to. This particular link goes to the following URL:


You do not need to visit this page to know that it’s not affiliated with Whitman College. An official Whitman link will always begin with https://whitman.edu/. Also, be careful not to click on any of the links given in the email, because they might download harmful files onto your computer without your knowledge. Another clue is that the email has been signed “Regards, Whitman College.” and comes from “notification.alert.online@whitman.edu”. No official email would be so informal and anonymous. Finally, students are on whitmail and not zimbra, so this is clearly a phishing email. With a little simple detective work, you can avoid phishing and scam emails.

Here are a few more examples where we have highlighted the discrepancies that would tip off a potential phishing or scam email.

If you do happen to be a victim of phishing, you need to change your password so that your account cannot be used. Go to https://id.whitman.edu and follow the instructions. Alternatively, you can go to the WCTS Helpdesk in Olin 168 with your student ID to have the password changed for you.