That email that sounds too good to be true almost certainly is
Purdue is regularly targeted by scam “phishing” emails, like the "cool cash" series offering big money for small jobs. Some of these messages can look quite legitimate, in part because they're sent from compromised Purdue accounts commandeered by scammers.
To avoid being the next one to have your account compromised, keep these three tips from ITaP’s security staff in mind when you check your inbox:
- Providing personal information (passwords, Social Security numbers, account numbers, and so on) through email or by phone in response to an unsolicited request is always a bad idea. Purdue will not ask for your credentials by email. If you receive an email requesting private information, report it to abuse@purdue.edu.
- Emails containing clickable web links should always be questioned, even if they look like official Purdue email on the surface. Best bet: don’t click email links. If you do, don't enter your password or other information at a website unless you are certain it is a valid site. If you are not sure, email abuse@purdue.edu and ask.
- Never open any attachment sent with an email if you do not know the sender and, even if you do know the sender, are not expecting the attachment from them. If you're unsure, check directly with the person. If they report that they did not send the message, report it to abuse@purdue.edu.
While some phishing emails look legitimate, there are often telltale signs that a message is a scam. Grammar and spelling mistakes are red flags. So are calls for immediate action, including instructions to visit a website and sign in with your Purdue credentials or to open an attachment.
Visit the Secure Purdue website for more information on staying safe online and keeping your personal data and Purdue's data secure.
Remember: October is National Cybersecurity Awareness Month!
Last updated: October 8, 2019