Recognizing Phishing Emails
With the holidays upon us and their associated distractions, we want to remind members of the Caltech community to be extra vigilant to avoid email scams that may appear in their inboxes.
Scammers are known to increase their attacks during the holidays, taking advantage of people when they have many responsibilities to juggle. IMSS has noted an uptick in recent weeks in the of number of emails linked to phishing scams that are being sent to individuals with Caltech.edu email addresses.
These phishing scams attempt to appear as legitimate emails from the Institute or other trusted organizations, and ask recipients to input certain vital information, such as their date of birth and social security number, or their Access.Caltech.edu credential information with their password. The messages may sometimes claim there is a security issue with the user's account, and ask for these pieces of information under the pretense of confirming the user's identity. The scams have also claimed that a secure message is awaiting them once they confirm their identity.
Though IMSS blocks the vast majority of these emails, the scammers' ever-shifting tactics mean that a few emails inevitably slip through security filters. For this reason, it is important to remember the following:
- Caltech will never contact you to ask for you to share personal information by email. This includes your date of birth, social security number, driver's license number, Caltech password. This is known as Personally Identifiable Information, and may also include your phone number, the city in which you were born, or your mother's maiden name. Do not provide any of this information in response to an email.
- Phishing emails can contain links that appear to lead to a page on the Caltech website but are actually fake sites intended to copy the appearance of a legitimate Caltech webpage (or of a third-party site associated with the Institute). Do not click these links.
- If you are unsure if a link in an email is legitimate, mouse over the link to reveal the URL, or press and hold on the link on a mobile device to see where it will take you.
- If you receive an email that you believe is suspicious in nature, DO NOT click any links in the email, and do not "unsubscribe" or acknowledge the email in any way. Instead, please contact IMSS immediately to obtain guidance and assistance; you can do so by calling the Help Desk at x3500, opening a Help Desk ticket online, or emailing Information Security directly at [email protected].
For additional information on how to identify and avoid common scams, see the IMSS website. To see an example of a phishing scam, visit: https://www.imss.caltech.edu/services/security/issues/scams/phishing-scam-example.
Thank you , and please have a safe and enjoyable holiday. .