Jump to other news and events
Purdue signature

Be wary of scam “phishing” emails that look like they’re legitimate Purdue business

fishing graphic

If it looks like a duck, waddles like a duck and quacks like a duck it probably is a duck, but that official-looking email purportedly from Purdue may not be.

The University is regularly targeted by scam “phishing” emails, some of which look quite legitimate, says Greg Hedrick, Purdue’s chief information security officer.

Keep these tips from ITaP’s security staff in mind when you check your inbox:

  • Providing personal information (passwords, Social Security numbers, account numbers, and so on) through email or by phone in response to an unsolicited request is always a bad idea. Purdue will not ask for your credentials by email. If you receive an email requesting private information, report it to abuse@purdue.edu.
  • Emails containing clickable web links should always be questioned, even if they look like official Purdue email on the surface. Best bet: don’t click email links. If you do, don't enter your password or other information at a website unless you are certain it is a valid Purdue site. If you are not sure, email abuse@purdue.edu and ask.
  • Never open any attachment sent with an email if you do not know the sender and, even if you do know the sender, are not expecting an attachment from them. If you're unsure, check directly with the person. If they report that they did not send the message, report it to abuse@purdue.edu.

Last updated: Dec. 9, 2016