Phishing Emails

Is it real?
If you have to ask, it probably isn’t!

Here are examples of some of the most recent phishing emails we’ve seen:

DROPBOX

This recent phish pretends to be from DropBox. Note the strange email address and the link that did not go to Drop-Box.

ICLOUD

This recent phish pretends to be from iCloud. Note the strange email address and the link that did not go to iCloud.

Things to check before clicking on a link in an email:

1. Check the email address:
– Hover your mouse over the email address, is the address the same? Is it a valid email address of someone that might send you such an email?
– Did the person in question actually send the email? If not 100% sure, contact them to find out!
– If the email concerns your Williams username/passwords, see #3 below.
2.Check the link itself BEFORE clicking on it:
– Hover your mouse over the link. Does the actual link match where it is supposed to go?

3.Check if it is a valid email from OIT:
– OIT will NEVER, EVER ask for your Williams Username/Password
– Official OIT emails will have “OIT-EPH-NOTICE” and the date in the subject line

If you have submitted your password to a phishing site or email, here are the steps you will need to take ASAP:

http://it.williams.edu/help-docs/security/phish-recovery/

When you do recognize a phishing email it helps to report it directly to Google so they can analyze and block it more quickly. From the gmail interface in a web browser choose Report Phishing from the drop down menu next to Reply

report-phishing

This may be a good time for you to review the security settings on your Google Account.  Do you have 2-step verification turned on? To check, visit your Google Account settings by clicking on the top right circle and select “My Account”.  Under the “Sign-in & Security” section you can set up 2-step verification.