July 28, 2016

Faculty, staff urged to be alert to email scams

In the last two weeks, the Office of Information Technology-Security (OIT) has received a large number of complaints regarding email scams. Faculty, staff and students should be alert and cautious.

OIT sends numerous warnings, and neutralizes as many attacks as possible, but scammers and hackers are persistent, resourceful and clever. Scammers continue to bait online users to gain access to your device -- whether it is a computer, laptop, tablet or smartphone -- to get personal information to use for identity theft or other criminal activity. Hackers, meanwhile, try to gain access to your devices for the thrill of wreaking havoc on you and millions of other users, steal information directly from your machine, and use your computer to further their mischief.

If you receive a suspicious email, delete it. If deleting an email without replying makes you feel uneasy, send the email and any questions to scam@siu.edu.

Here are some steps to stay alert, be proactive, and protect yourself

Examine any unexpected and unfamiliar email

Look at the email subject line before opening. If the subject line makes the email seem particularly urgent or enticing, this is a sign the email may be fraudulent.

Do not click on links

A request to click a link in an unexpected email for any reason is a very strong indicator that the email is bogus. Sometimes malicious email will simply instruct recipients to “click here.” Other scammers actually show a full link, and may even include an “siu.edu” account extension. Do not click either type of link, and do not copy the link and place it in your address field.

Look at the email greeting and close

Even emails addressed to you should not eliminate suspicion. An email with no greeting, a general greeting, where your name is misspelled, or an overly formal greeting with courtesy titles including Mr., Mrs., or Ms. is a warning to be cautious. In addition, examine how the email closes and if there is an identifier with contact information. If the closing is awkward or absent, or if there is no contact information, beware.

Beware of threats or enticements

Examine the email content and look for misspellings and odd language phrasing that are absolute giveaways. Scammers and hackers will do their best to make the content seem urgent or extremely appealing. Types of emails that are almost certainly scams are those that offer a unique opportunity or warn of potential consequences for failing to take action, such as these current scams circulating on campus: “Secure Your Mailbox,” “SIU Mailbox Warning,” “IT Account Update,” and “Account Has Been Disabled.” Alerts for known scams are posted here and posted on Twitter here

If you believe the email is truly critical and needs to be answered, contact the sender but do not use the contact information contained in the email. If the email claims to be from the university or a business, go online to locate contact information. University, government and financial institutions, and most businesses will never ask email recipients to send personal information by email – or over the telephone. Do not give anyone this kind of information when responding to an email