Ithaca College

DIIS commonly receives reports of email scams circulating on campus, most recently this past week when about 4,000 users received a "phishing" email (so named because the sender is fishing for your personal information). While most people recognized it as suspicious and deleted it, some did not. We thought it would be helpful to share one of these messages to point out and explain the "red flags", designated as "(RF #)" in the sample message below.

From: Allie Alumni (RF #1)
Sent: Wednesday, February 01, 2017 10:26 AM
Subject: Attn: (RF #2)

(RF #3)

Verify you Ithaca Account HERE (RF #4, 5, 6)

(RF #7)

~~~~~End Sample~~~~~

Red flags explained: 

RF #1: The message is from a name that is unfamiliar to most of us
RF #2: The message has a vague subject
RF #3: The message does not address you by name
RF #4: The message body has poor grammar ("you" should be "your")
RF #5: The message is cryptic with no explanation of what account needs to be verified or why
RF #6: In the actual message, the word HERE was a link to a ".com" web page instead of ".edu"
RF #7: Not signed with any contact information such as department name, email address, room/building, and phone number

~~~~~~~~~~

While any one of these red flags by itself does not necessarily mean it is a phishing message or scam, the presence (or lack of) any of these elements should raise your suspicion. We hope you find this information useful in identifying the next phishing email that will inevitably be delivered to your inbox.

Should a suspicious message come your way, feel free to contact the Service Desk for advice about whether it is legitimate or not.

Service Desk
servicedesk@ithaca.edu
104 Job Hall
4-1000