Beware scam “phishing” emails that look like they’re legitimate Purdue business, or even from the president
If Purdue President Mitch Daniels sends you an email, you can be sure it is not going to start out "Dear purdue Community" and be followed by a series of other capitalization, grammar or spelling errors.
But that's just what campus email users have seen recently in messages supposedly from President Daniels and other emails claiming to be on official Purdue business. Improper capitalization and bad grammar or spelling are big red flags that these messages are more than likely scam “phishing” emails.
The University is regularly targeted by phishing scams, some of which look quite legitimate, says Greg Hedrick, Purdue’s chief information security officer. Purdue has security systems in place that catch and kill a lot of these but no system can stop them all.
That makes it a good idea to keep these tips from ITaP’s security staff in mind when you check your inbox:
- Providing personal information (passwords, Social Security numbers, account numbers, and so on) through email or by phone in response to an unsolicited request is always a bad idea. Purdue will not ask for your credentials by email. If you receive an email requesting private information, report it to firstname.lastname@example.org.
- Emails containing clickable web links should always be questioned, even if they look like official Purdue email on the surface. Best bet: don’t click email links. If you do, don't enter your password or other information at a website unless you are certain it is a valid Purdue site. If you are not sure, email email@example.com and ask.
- Never open any attachment sent with an email (the recent scam included a .pdf document) if you do not know the sender and, even if you do know the sender, are not expecting an attachment from them. If you're unsure, check directly with the person. If they report that they did not send the message, report it to firstname.lastname@example.org.
Last updated: February 8, 2017