by Maureen Scoones
If you receive an email that looks like it came from ITS regarding a service we provide, and the message contains a link for you to enter personal information (username and password) in order to continue the service, e.g. access to your email, stop! The message is most likely a phishing scheme. Everyone should be super cautious before sharing any personal information (social security number, PINs, credit card numbers, etc.) via web links. Before you even consider entering such information, VERIFY the web site you are using is authentic. How? This Google support page will give you some guidance. The main things to remember are:
- Google won't ask you to enter personal information to continue a service and neither will ITS.
- Check the email address of the sender of the suspected phishing message. Do you recognize the address? Even if you do, it may still be a phishing scheme.
- Mouse over the links in the email message. Compare the address in the body of the message with what appears in the lower left corner of your screen. For example, if I write http://www.hamilton.edu, it looks like you'll be taken to Hamilton's main webpage, but in reality, you are being taken to the U.S. Open Tennis Championship webpage.
- Frequently the phishing schemes report your email account is over quota. Google Apps for Education will not communicate that information via an email. However, you can easily see how much of your 25GB quota you are using by logging into the web interface: http://hillconnect.hamilton.edu and then scrolling to the bottom of the screen to view the quota information, when your account was last accessed, and whether or not you are accessing it from multiple computers.
- When in doubt, before you click, check with the Help Desk (email@example.com, x4181).
Report the phishing messages to Google
If you see a message that is clearly a phishing scheme, you can report it to Google. In the drop down menu where you normally select reply or reply all, there is also an option to Report phishing.
When you click on this option, you'll see the following dialog box. Click on Report Phishing Message.