Email Risks
-
Spam is unsolicited email from legitimate sources, like junk mail and catalogs you may receive in the actual mail. Spam intends to get a message out (like a sale or a new product release) but is not meant to trick you and is low-risk to you and the college.Because of the lower risk, OIT will end monitoring the ‘spam@’ address by the end of October, 2024. Instead of sending your spam there, please use the “Report spam” function in Gmail, which automatically moves the message to your spam folder, and lets Google know it’s unwanted. You can also use the Unsubscribe link (required in legitimate spam) to stop future occurrences, and/or Block the sender.
If an email contains threats of violence or targeted offensive content please call x4444 to report these to Campus Safety.
-
New scam alert: GenAI used to call a potential victim
Scams are usually emails from unknown senders, often spoof college personas, almost always include a sense of urgency, and are designed to steal from you. Student-facing scams often include offers of part time work (just send $500 for setup fee and equipment), but can take many shapes, including natural disaster relief donations, “free” pianos, welding equipment, or other goods. (You just have to pay for the shipping!) The newest “sextortion” scams may even include a Google Maps street view of your residence!When you receive a scam email, please use Gmail’s “Report phishing” feature and do not engage with the sender or any contact info in the message. The risk of a scam relates to the individual, but we don’t want people to get caught up in these, so we treat them as seriously as phishing. We’ve seen occasions where students, faculty members and staff have fallen for these.
OIT will review emails submitted via this method, and may take action up to and including removal from all recipients’ inboxes when necessary.
-
Finally, we’ll address the highest risk email-based threat that we can receive: phishing. TL;DR: when you get one of these emails, please use Gmail’s “Report phishing” function, just like with scams last week.Phishing usually has a specific focus: to steal the credentials to your Williams account or your other personal accounts. This can be done numerous ways, from links, to attachments, to QR codes, voice calls, SMS/text messages, and any other medium you (or GenAI) can come up with.
A popular saying has emerged in recent years that attackers rarely hack in anymore…they just log in using stolen account info instead. This is why it’s such a high risk to the college and to your personal accounts. MFA is a great defense against phishing, but so is prompt detection and reporting.
OIT will investigate “Report phishing” submissions, whether scams or phishing. This makes it a simple process for everyone to follow when you get an email that’s suspicious.
Two important tips:
1. You can always trust emails coming from “@williams.edu” addresses, and can extend that trust to [email protected]
2. You can use the “Show original” menu item (above) to see the actual sender, which can be helpful when you’re not sure
This page (for email threats) was last updated 10/30/2024.