Have you ever gotten an email that appears to be from a legitimate company telling you your account has been suspended? Or telling you that you need to reset your password? Oftentimes, these emails are phishing scams. Phishing is the illegitimate solicitation of personal information via email.
Unfortunately, MIT community members are a popular target for these scams. So it’s crucial that you recognize phishing emails for what they are and toss them in the trash.
A phishing email will often ask for your password or other personal information. Know that MIT, or any other legitimate business, will never ask for your password or personal information via email.
Phishing scammers are skilled at what they do. They are able to create an email that looks as if it came from MIT or some other recognized institution, using logos and graphics that appear to be legitimate.
Fortunately, there are some good ways to spot phishing emails. Keep an eye out for bad spelling, grammar, or formatting. Check for a reply-to address that is different from the address the email supposedly came from. If there’s no contact information for the person the email is supposedly from, that could be a red flag. A phishing email will often be threatening in nature; for example, it may threaten to delete your account if you do not respond. A phishing email may also provide a link, claiming it will allow you to refresh your credentials.
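Several of these signs can be checked automatically on a raw message. The following Python sketch is an added example, not code from MIT or IS&T; the sample message, the keyword patterns, and the flag names are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message for illustration (not a real phishing email).
SAMPLE = """\
From: IT DESK <helpdesk@university.example>
Reply-To: recovery@mailbox.example
Subject: Account suspended

Your account will be deleted within 24 hours if you do not respond.
Click http://portal.example/refresh to refresh your credentials,
or reply with your password.
"""

# Assumed keyword patterns; adjust them for the mail you actually see.
THREAT = re.compile(r"\b(suspend\w*|delete\w*|deactivat\w*|terminat\w*)\b", re.I)
SECRET = re.compile(r"\b(password|credentials?)\b", re.I)
LINK = re.compile(r"https?://\S+", re.I)

def text_of(msg):
    """Join every text part, decoding base64/quoted-printable bodies."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode("utf-8", "replace"))
    return "\n".join(chunks)

def phishing_indicators(raw):
    """Return the names of the warning signs found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    text = msg.get("Subject", "") + "\n" + text_of(msg)
    flags = []
    if reply_to and reply_to != sender:   # replies go somewhere else
        flags.append("reply_to_mismatch")
    if THREAT.search(text):               # threatening tone
        flags.append("threat")
    if SECRET.search(text):               # asks about passwords or credentials
        flags.append("asks_for_secret")
    if LINK.search(text) and SECRET.search(text):  # link offered to "refresh" them
        flags.append("credential_link")
    return flags

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

Each flag is a reason to look more closely at a message, not proof that it is a scam; a legitimate password-expiry notice can trip some of them too.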
An article in the IS&T Knowledge Base provides some examples of “phishy” MIT emails. Follow our Twitter feed to stay updated on phishing scams that target MIT. Recent examples include emails from “firstname.lastname@example.org” and the “IT DESK.”
Remember: Never give out your password or other sensitive information via email, no matter how legitimate the email appears to be. MIT will never solicit your password or other personal information via email. Stay safe!