Here’s a repost from 2014 with updated information:
Here’s the situation: you’ve received an email and you’re unsure whether or not it is real or not. Some emails are blatant attempts to steal your personal information. Other scam emails aren’t so easy to detect. Here are some tips to determine if the email you’ve received is spam.
1.) Look at the to, from, and reply to addresses!
This weekend, an email went to a number of SJU employees. The text is below:
Reply To: email@example.com
The @sju.edu database is undergoing an account upgrade. All subscribers are required to reply to this email:(firstname.lastname@example.org) with their username: and password: to ensure that their account remains subscribed to the web-mail database Otherwise your account will be De-activated from the database.
IT Services Help Desk
Do those email addresses seem fishy to you? It’s because they are! If you are not familiar with an email address, don’t open it, respond to it, or click any links within the body of the email. Just delete it. Email messages from the SJU Office of Information Technology will come to you from an official SJU email address.
As spammers become more sophisticated, you’ll notice that some do send AS what appears to be an official SJU email address. Using the tips below you can probably still identify the email as spam. If it seems suspicious, it probably is! Contact the TSC – we will help you determine the legitimacy of the email.
2.) Is the email asking for personal information?
You’ll notice in the email above, the sender is requesting the customer’s “username and password“. SJU OIT will never ask for that information. Nor will any legitimate sender. If you receive an email asking for personal information, please delete it.
3.) Is the email asking you to click on a link?
Here’s an example:
update your account by clicking on the link below and fill information for
OIT does not perform upgrades in this manner and we won’t threaten to shut down your account if you don’t follow a link or provide personal information.
4.) Check the signature!
IT Services Help Desk
An email from SJU OIT will contain a formal header, subject line, and signature. We do our best to eliminate any guesswork and confusion.
Additionally, with the implementation of Hawk Hill Today, most of our official communication will come through that channel.
5.) Are there spelling errors or randomly capitalized letters?
This may be less common but is a dead giveaway that the email you’ve received is a scam.
Some spammers are far more sophisticated than others. Forgers can fake a sender address, signature, and header. Here is an example of a spam where the sender references our employee email client, but you’ll notice that the from address is not an SJU email address:
From: “Patricia Rissmiller” <email@example.com> (who?!?)
Sent: Friday, September 27, 2013 12:05:23 PM
Subject: Upgrade Alert
You have exceeded your email quota limit of 500MB and you need to expand the zmail.sju.edu quota before the next 48 hours. If you have not updated your email account in 2013, you must do it now. You can expand to 10GB quota limit.
If you are ever in doubt about an email that you’ve received, please contact the TSC and we can determine its validity. If you’ve received an email that you are certain is spam, please forward it to firstname.lastname@example.org. This email address is used by our email system administrators to strengthen our spam servers.
As always, if you have any questions or concerns about an email that you believe may be fraudulent, please contact the TSC.