Jump to other news and events
Purdue signature

New email header will alert individuals to probable phishing scams

Due to the continual increase in phishing attempts targeting Purdue email accounts, ITaP has created a new email header that will alert Purdue mail users to probable phishing scams.

All individuals who use an @purdue.edu email address will be affected by this change. The alert will be added to the top of messages and will read as follows:

**** This header added by an automatic scan for phishing emails. ****

Please be advised that the email below contains a link associated with an identified phishing scam. Clicking on the link may harm your computer. If you believe your Purdue career account has been compromised, please contact your local academic IT support or the ITaP Customer Service Center at 765-494-4000 for help managing risk to you and the University.

**** This header added by an automatic scan for phishing emails. ****

The new message is intended as an early alert for students, staff and faculty to carefully review an email because a contained URL has been reported as potentially harmful. In some cases, Purdue’s spam engine may later update its definitions and quarantine messages as spam.

It is also possible that some suspicious messages may be delivered before they’re identified as harmful. For that reason, David Shaw, Purdue’s chief information security officer, also encourages individuals to ask themselves the following questions when browsing their inbox.

“These questions serve as general guidelines for identifying phishing attempts,” Shaw says. “The more red flags you see in an email, the more likely it’s not legitimate.”

  • Does the message contain general salutations and signatures? Most phishing attempts begin with generic phrases like “Greetings valued customer,” or “Dear account user.” Most legitimate companies, on the other hand, will include an intended recipient’s name in their correspondence. Another indication of a phishing attempt is a general signature at the end of the message, such as “Purdue Messaging Group.”
  • Are the URLs legitimate? Emails containing Web links should always be questioned. One way to verify a link’s legitimacy is to hover your mouse cursor over embedded links and make sure the link uses encryption (https://). Also, if the link in the text isn’t identical to the URL displayed when you hover the cursor over the link, that’s a sure sign it’s taking you somewhere you don’t want to go. Another best practice: open a new browser window and visit a site directly by pasting in its Web address, or URL, rather than simply clicking the link in an email and going wherever it takes you.
  • Is the sender requesting personal information? Providing personal information through email or by phone in response to an unsolicited request is always a bad idea. Messages soliciting passwords, Social Security numbers and other personal information are scams.
  • Is the email asking you to take immediate action? Hackers want you to respond without thinking. Phishing emails might even claim a response is required within a short time frame because your account has been compromised. Watch out for language directing you to update an account, download an attachment, visit a website, provide personal information, etc.
  • Does the message contain suspicious attachments? Opening attachments can cause automatic malware downloads or lead to compromised personal information. High-risk attachment file types include: .exe, .scr., .zip, .com, .bat. Any time you see an attachment from someone you don’t expect, it should be considered somewhat suspicious.
  • Is the email making promises that seem too good to be true? Then they probably are. Any message offering to put money in your bank account with a single click is a scam.
  • Are there misspellings or typos? An email from a legitimate organization should be well-written. Grammar and spelling mistakes are red flags.

What to do if you receive a phishing email:

When you see suspicious email in your Purdue inbox that’s not already flagged as a phishing attempt, report it to abuse@purdue.edu with the original email attached to preserve its header information. Doing so helps Purdue’s security team review the message and advise if it is legitimate. The security team also can take measures to block fraudulent websites.

To attach an email in Windows using Outlook with Purdue’s Exchange service, create a new message and choose “Attach Item” from the dropdown list on the message menu bar. Then select “Outlook item,” and attach the email in question. On a Mac, right click or control click on the suspicious message and choose “Forward Special” and “As Attachment” from the dropdown list.

When using myMail, click on the “Options” menu in the “Compose” window and select “Include Original As Attachment” before forwarding the suspicious message.

Writer: Andrea Thomas, ITaP technology writer, 765-496-8204, thomas78@purdue.edu

Source: Mick Haberzetle, manager of messaging and application services, 765-496-1067, mick@purdue.edu

David Shaw, chief information security officer, 765-496-8289, shaw46@purdue.edu

Last updated: Jan. 14, 2014