NEWS: Emails from "The Stanford! Helpdesk" and "Webmaster of Stanford University"= PHISHING SCAMS!
Another couple of clever phishing attempts struck recently: emails claiming to be concerned with your webmail security, with links prompting you for your SUID and password. If you accidentally provided your info (or think you did):
- Change your SUID password NOW at accounts.stanford.edu
- File a help ticket with IRT security
- Be on the lookout for any unauthorized activity around your online identity (changes to your email, passwords, bank accounts, etc.)
- Always doublecheck in the future: a REAL webauth page will only ever start with "https://weblogin.stanford.edu/" and will have a little lock icon before it. A REAL Stanford website should have Stanford (spelled correctly) in the first part of the URL, between the first set of slashes. If those things aren't true, don't log in! Here are some more hints to tell if an email might be phishing.
It's always a good idea to doublecheck a message from ANY source which asks you for personal information. There was even a new "smishing" (SMS + phishing) scam circulating awhile ago, via text message. People would receive a text claiming to be from something like the "Credit Union Center" or "My Credit Union Alert," saying that a credit or debit card will be cancelled unless the user calls immediately and supplies the card number. Upon calling and entering the card number, the user will then speak to someone who asks for the card's PIN code for "verification." Sounds like a scam? You're right!
When in doubt, don't!
Although a lot of spam emails are obviously fake, sometimes they're just convincing enough to leave you wondering. And now with the increasing prevalence of mobile phones, scammers are branching out into text messages, even voicemail. Spammers keep evolving their tactics, but if you look closely, the same things usually give them away.
Some ways to tell if a message might be a scam:
- It's trying to scare you ("Do this or else a bad thing will happen RIGHT NOW!")
- It's referring to services that are usually well-protected (like email accounts or banking/financial services) or that use financial information (e-commerce sites, etc.)
- The sender asks for the keys to your information: your PIN, your password, etc... even if it's just asking you to "confirm" them (Stanford will NEVER ask for that information, nor will organizations such as your bank)
- The message claims to be from a company you've never heard of, or never done business with
- The email address or website of the sender doesn't match the sender's business name (an email address that ends in "yahoo.com" is not, in all probability, from a real bank)
- The message contains poor grammar, misspellings, and/or awkwardly-phrased sentences
Step one of getting a message that seems suspicious: Don't do what it's asking you to do! Don't call the number they give, don't click on any links, don't follow their instructions. Instead, you can check the IRT Security blog; we're trying to post all phishing and fraud alerts as they appear, to help you identify them. If you don't see your particular message listed on the blog, you can always send it to IRT Security ( ) for confirmation. You should then delete any such emails from your inbox or phone.
- NEVER CLICK ON LINKS in unsolicited messages.
- NEVER DOWNLOAD FILES from suspicious sources.
- NEVER GIVE OUT YOUR PASSWORD OR PIN to anyone.
- When in doubt, DON'T.