Protect Yourself from Email Scams
Scam Vs. Spam
Spam emails are annoying, unsolicited, and often sent multiple times, but they are generally harmless. Scam (and phishing) emails are fraudulent spam intended to steal sensitive information (e.g. your Drexel sign-in credentials, bank account, credit card numbers).
Is This a Scam, or Is It Just Spam?
The distinction between spam emails and scam emails isn’t always clear. For example, chain letters are annoying, but don’t cause harm. They’re just spam.
However, scammers often use spam to achieve their goals. For example, an email can link to a Web site that asks recipients to “verify their accounts,” which lets scammers steal passwords.
Scam emails always want recipients to do something: click a link, verify an account, wire transfer money, respond immediately. They can look very real, but are anything but.
Protect Yourself from Email Scams
ALWAYS keep your anti-virus software up-to-date, and scan your computer regularly. The Drexel community can download and install Sophos Endpoint Protection for PC or Mac at software.drexel.edu.
If you think your Drexel accounts have been compromised, contact the IRT Help Desk immediately at 215-895-2020.
Here are some scam protection tips:
- NEVER EVER give anyone your password. Doesn’t matter who asks or why.
- Avoid opening unsolicited attachments. Scammers use them to transfer malware or viruses.
- Be wary of unexpected emails that contain personal information. Scammers scrape personal information from the Internet and use it to trick recipients.
- Don’t blindly click links in unsolicited email. Hover over the link with your mouse and see if the actual link matches the text. If they don’t match, treat with extreme caution or copy/paste the link text into your browser.
- If you do click an unsolicited link, and it takes you to a sign-in page, DON’T sign in. Close the window.
- Block the automatic display of images. Many clients will block images by default, but some Web-based clients can’t—in such cases, only open emails from trusted sources.
- If it sounds too good to be true, it probably is. Don’t respond to those messages.
Keep Your Email Address Off the Spam Radar
Managing the visibility of your email address not only helps prevent floods of spam—it helps keep scam emails out of your inbox and thus unanswered.
- Avoid posting your email address on publicly searchable Web sites, including social networking sites and personal blogs.
- Only give your email address to reputable organizations with good privacy policies.
- For Web sites of unknown reputation or privacy, sign up with an email address you don’t care about or never check.
- Don’t respond to spam and, if it is unsolicited, don’t use a spam message’s “unsubscribe” option. This tells spammers you’re reading their email.
Reporting Scam/Phishing Emails
Send suspected scam/phishing emails with full headers to email@example.com. For more information on how to find full headers, see this answer in AskDrexel.
Reporting Untagged Spam
Send untagged spam with full headers to firstname.lastname@example.org. This helps Sophos’ PureMessage filtering rules pick up spam and thus prevent spam and, consequently, scams from reaching inboxes. For more information on how to find full headers, see this answer in AskDrexel.
Note: What if real email gets incorrectly tagged as spam? Because this sometimes happens, it's a good idea to occasionally check your Junk Mail folder. Send incorrectly tagged email (with full mail headers) to email@example.com.