Phishing

Hackers use email or websites that appear to be from reputable institutions, such as banks, credit card companies, employers or academic institutions, to request account information. The messages often express urgency or indicate that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts. These hoaxes have spread to social networking sites and text messages.

How do I avoid being a victim?

  • Be suspicious of any message that requests your personal information and never send sensitive information through email.
  • Do not click on links in messages that ask you to log in. Instead, type the trusted address in your browser or search for the website if you don't know the address.
  • Never type confidential or sensitive information (passwords, account numbers, etc.) on websites without verifying the website's authenticity (make sure you are at the correct address) and security (look for https in the address bar).
  • Pay attention to the address: Malicious websites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.net vs. .com).
  • If you are unsure whether a request is legitimate, contact the company directly. Do not use the contact information provided in the request. Instead, check previous statements for contact information.
  • In general, be wary before providing sensitive information online or over the phone.
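
The address and https checks from the list above, written out as an added example (not part of the original page): it compares a link's host against an allow-list and flags a different ending or a spelling variation. The names `TRUSTED_HOSTS` and `check_link`, the sample hosts and the two-edit threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list; in practice, list the sites you actually log in to.
TRUSTED_HOSTS = {"bank.example.com", "login.example.edu"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute ca -> cb
        prev = cur
    return prev[-1]


def check_link(url: str, trusted=TRUSTED_HOSTS) -> str:
    """Return 'trusted', 'not-https', 'different-domain', 'lookalike' or 'unknown'."""
    parts = urlsplit(url)
    # .hostname drops any user:password@ prefix and port, leaving the real host.
    host = (parts.hostname or "").lower().rstrip(".")
    if host in trusted:
        return "trusted" if parts.scheme == "https" else "not-https"
    name, _, tld = host.rpartition(".")
    for good in sorted(trusted):
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return "different-domain"  # same name, other ending (.net vs. .com)
        if 0 < edit_distance(host, good) <= 2:
            return "lookalike"         # spelling variation of a trusted host
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, one per outcome.
    for link in ("https://bank.example.com/login", "http://bank.example.com/login",
                 "https://bank.example.net/login", "https://bamk.example.com/login",
                 "https://news.example.org/"):
        print(f"{check_link(link):16} {link}")
```

A result of "unknown" only means the host is not close to anything on the list; it does not mean the site is safe.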

Information about known hoaxes and scams is posted at the following sites:

Top 10 Phishing email subjects (2017):

  1. Security Alert
  2. Revised Vacation & Sick Time Policy
  3. UPS Label Delivery 1ZBE312TNY00015011
  4. BREAKING: United Airlines Passenger Dies from Brain Hemorrhage – VIDEO
  5. A Delivery Attempt was made
  6. All Employees: Update your Healthcare Info
  7. Change of Password Required Immediately
  8. Password Check Required Immediately
  9. Unusual sign-in activity
  10. Urgent Action Required
  11. Bonus: Tax/W-2 Related

What do I do when I've given out information?

  • Passwords: If you have revealed your password, change your password on every account that uses it. For NetID passwords, also report the disclosure to Help Desk Central at 979.845.8300 or helpdesk@tamu.edu so they can be on the lookout for suspicious activity.
  • Financial Information: If you have revealed financial information, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplained charges to your account.
  • Consider reporting the attack to the police and filing a report with the Federal Trade Commission.

Legitimate Email from Texas A&M Division of IT

To combat fraudulent emails supposedly sent by Texas A&M Division of Information Technology or Help Desk Central, look for a specific format we use when emailing individuals directly (i.e. not bulk mailings). This format includes using your first and last name as well as providing the last four digits of your Universal Identification Number (UIN).

The salutation should appear similar to the following sample:

Howdy FIRSTNAME, LASTNAME (UIN ending in ####):

The Texas A&M Division of Information Technology NEVER asks you to send sensitive information (e.g., social security number or password) via email and NEVER uses email to send you unsolicited files to run on your computer.

What should I do if I get an email from Texas A&M that states I have malware?

The Texas A&M Division of Information Technology sends email notifications to students if malware is suspected on their computers. To ensure it is a legitimate email from the Division of IT and not a phishing scam, check for the following items in the email:

  • Your name and last four digits of your UIN
  • Explanation of the malware detected
  • Instructions on how to install anti-virus and scan your computer
  • Contact number to call with further questions

If you receive one of these emails, please follow the directions to remove the malware from your computer.