Email Safety

  • Email scams are attempts to defraud you. Classic examples include notices that you've won the lottery and charities requesting donations after a recent disaster. And, now more frequent, are the emails that state your email account or payroll information needs to be updated.

    Don't be fooled, these are scams created by criminals who are after your money.

    About Phishing

    Of the many scams facing JWU students, faculty, and staff while navigating the Internet, phishing is potentially one of the most damaging, with serious consequences if an Internet user is not prepared to identify and avoid such fraud.

    In the first 3 months of 2015, our JWU community had 16 victims fall prey to email phishing. (We had a total of 15 victims for the entire 2014 year.)

    Phishing is a scam, an email-based attack, that attempts to fool you into taking an action. It tries to trick you into revealing personal or confidential information which the scammer can use illicitly. Typically, such an email looks to be from someone you know or trust, and entices you to take an action, such as clicking on a link or opening an attachment.

    Phishing scams come from everywhere, both forged @jwu.edu accounts and others. Although JWU currently blocks most phishing, there are still many cases of JWU users being affected.

    Protect Yourself from Email Phishing

    • Be cautious
    • Never give out personal information or credentials via email
    • Look for incorrect grammar, capitalization, and verb tenses
    • Do not immediately click on links. First, hover your cursor over the links; look for inconsistencies. These links may be directing you to a fraudulent website, different from the one claimed.
    • Do not respond to suspicious emails
    • Be suspicious of "immediate action" emails that create a sense of urgency
    • Be suspicious of emails with a generic greeting
    • Just because you receive an email from a friend does not mean he/she sent it. Your friend's computer may have been infected, and malware is sending the email with your friend's list of contacts. Check with your friend to confirm that he/she sent it.
    • Do not download anything from unknown and/or untrusted websites
    • If an email seems odd or too good to be true, it is most likely an attack
    • Never provide login or personal information via email or via a website you click to from a suspicious email.
    • Try this Spam Scam Slam video game -- Do you know when an email is a scam?
    • Manage spam in your JWU email

    What JWU IT Does

    JWU will never ask for your username or password via email or phone.

    There is no emergency or special situation that will ever override this. Do not believe emails directing you to other web pages that ask for your JWU credentials. These are always bogus attempts to steal your information.

    Our Information Security team reviews any email that looks suspicious.

    Any email determined to be malicious is blocked from going through JWU's network, thus preventing it from spreading within the JWU community.

    Email IT with any suspicious email that is received in your JWU email.

    If You Think You've Received a Scam Email

    Check the email address -- does it really match the email content? Does it match the legitimate email address of the organization it is supposed to be?

    Do not click on links in an email you believe to be fraudulent -- it could be a link to a malicious software auto-download.

    Check the security certificate of any website into which you are entering sensitive data. The website address should begin with https://. And, some browsers will display padlock symbols in the address and status bars. Anything on a website can be falsified, even if it says it's safe, and it can't be verified by the browser you are using; thus, it shouldn't be trusted.

    Type in web addresses yourself -- some emails may link you to a website that appears to have a legitimate address, but is actually fake (ie, jwu.scholarships.com is not the same as a jwu.edu website).

    Next Steps

    Receive a suspicious email to your JWU email account, that looks like it was sent from a @jwu.edu address? Forward it to ITSecurityTeam@jwu.edu.

    Think your computer has been compromised as a result of phishing (slow performance, pop-up ads for anti-virus software, etc)? Contact IT, and reset your JWU account password.

    If you have responded to any message of this type, or think your computer has been compromised as a result of phishing (slow performance, pop-up ads for anti-virus software, etc), please contact IT. We will send you a follow-up email with instructions on how to proceed.

    And, remember to always reset your JWU password immediately afterwards.

    If you think you may have given relevant account information to identity thieves, change the passwords for your personal accounts and call the organizations that maintain those accounts (especially for bank accounts).