Fraudulent Emails (a.k.a. Phishing)
OIT recognizes the serious risk that fraudulent emails pose to members of the UMass community and the campus network. Like any type of fraud, these emails can be extremely damaging, and have already claimed victims on campus.
This page provides more information about fraudulent emails or phishing: how these emails can be identified, what risks they pose, and what you can do to protect the privacy of your personal information.
What is Phishing?
Fraudulent emails (or phishing) are emails that ask (i.e., ‘fish’) for your personal and financial information, such as your Social Security number, bank account information, credit card numbers, and other personal identity information.
These emails seem to come from a legitimate source: a well-known Internet Service Provider, an online payment service, a bank, or another reputable financial institution.
The message usually states that you need to update or validate your account by clicking a link included in the body of the message. At some point, you may also be asked to provide your bank account information.
What are the risks?
Don’t be fooled! These are fraudulent emails that in most cases have nothing to do with the institution they claim to be affiliated with. Opening or replying to these emails, or clicking the links provided in them, poses a serious security risk to you and the campus network.
Some of the risks involved are:
- Identity Theft: Once you provide your personal information in response to a fraudulent email, this information can be used to access your financial accounts or secure loans in your name.
- Virus Infection: Some of these fraudulent emails include links that, once clicked, download computer viruses to your computer. Please note that infected computers will be disconnected from the campus network and the Internet, and will not be reconnected until they are disinfected.
What can I do to protect myself against phishing?
There are several steps you can take to protect the privacy of your information and the security of the campus network:
If you receive an email that seems suspicious:
- Do not reply, even if you recognize the sender as a well-known business or financial institution. If you have an account with this institution, contact them directly, and ask them to verify the information included in the email.
- Do not click the links provided in these emails (or cut and paste them into a browser). Doing so may download viruses onto your computer or, at best, confirm your email address to these spammers.
- Delete the email if you have no relationship with the apparent sender.
Never email your personal and financial information. Email is not a secure method of communicating sensitive information. Remember that legitimate financial institutions never ask for sensitive information via email. Online banking and payment services use secure Web sites for their transactions. Look for an s after the http in the URL (e.g., https://spire.umass.edu/): s stands for secure.
Review your credit card and bank account statements on a regular basis. Spot and report any unauthorized or suspicious charges.
Do not open unsolicited attachments. If you receive an attachment you are not expecting, we recommend that you confirm with the sender that he/she did indeed send the message and meant to send an attachment.
Enable OIT’s spam filtering service. UMail, the OIT-provided email, now comes with a spam-filtering service which helps to get rid of unsolicited email, including some of these fraudulent emails. Remember:
- Spam filtering is now automatically enabled for new OIT Accounts.
- While not foolproof, OIT’s spam filtering service identifies approximately 65% of the spam messages sent to UMass’ email servers daily.
Use anti-virus software & keep it updated. To detect the latest viruses, you must use a current version of your anti-virus software and keep it updated. Members of the UMass community can download anti-virus software for Windows and Macintosh computers at no cost from OIT’s Supported Software & Downloads pages.
Update your operating system. Microsoft usually distributes monthly updates to its operating systems. These updates fix security holes or other problems that make a computer susceptible to security breaches. To learn how to update your Windows operating system, see Installing Security Patches.
What if I have already provided my personal information in response to a fraudulent email?
Contact your financial institution. Report the content of your email and your actions to the security or fraud department.
File a police report. Contact the UMass Police Department at (413) 545-2121 or your local police department.
