Scam “phishing” emails that look like they’re legitimate Purdue business could make you WannaCry

The worldwide outbreak of the WannaCry ransomware is another warning to beware of scam “phishing” emails, some of which may look like legitimate Purdue business.

The University is regularly targeted by malicious software like WannaCry, warns Greg Hedrick, Purdue’s chief information security officer, which frequently is passed via scam emails.

In particular, Purdue faculty, staff and students should never open any attachment sent with an email if they do not know the sender and, even if they do know the sender, are not expecting an attachment from them.

If you're unsure, check directly with the person. If they report that they did not send the message, report it to

Keep these other tips from ITaP’s security staff in mind when you check your inbox:

  • Emails containing clickable web links should always be questioned, even if they look like official Purdue email on the surface. Best bet: don’t click email links, which also can be used to pass malicious software like WannaCry. If you do, don't enter your password or other information at a website unless you are certain it is a valid Purdue site. If you are not sure, email and ask.
  • Providing personal information (passwords, Social Security numbers, account numbers, and so on) through email or by phone in response to an unsolicited request is always a bad idea. Purdue will not ask for your credentials by email. If you receive an email requesting private information, report it to

Last updated: May 12, 2017

Purdue University, 610 Purdue Mall, West Lafayette, IN 47907, (765) 494-4600

© 2015 Purdue University | An equal access/equal opportunity university | Copyright Complaints | Maintained by ITaP

Trouble with this page? Disability-related accessibility issue? Please contact ITaP at