Email Frauds and Other Dangers

There are dangers on the Internet for the unwary, and many of them arrive in your email as invitations to trouble for you and your computer. Fortunately, by remembering a few simple rules, you can keep yourself safe.

Rule #1: Suspect all unsolicited email messages about your finances: credit cards, bank accounts, PayPal, etc.

If someone can trick you into revealing your credit card or bank account information, they can steal your money or even your identity. The easiest way to do this is to pose as your financial institution and ask you to "update" or "verify" your information on a web page that looks legitimate, but isn't.

Don't ever confirm financial information of any kind without first contacting your financial institution and determining that the request is genuine. Most banks and credit card companies use the telephone if they have a concern about your account (but use caution there, too -- don't give account or credit card information over the phone unless you're sure of whom you're talking to).

The email messages and web sites used to carry out this kind of fraud can look very convincing, so you should always check with a real person.

Rule #2: Suspect all unsolicited email messages about your computing accounts, email accounts, or other computer passwords.

If someone can trick you into revealing your passwords, or get you to open an attachment (see below) by telling you that there's a problem with your account, they can get access to your private email and to your academic and financial records. (See an example spam email message below.)

Don't ever reveal passwords or other account information without first contacting your computing support provider.

All genuine messages about your Carleton account will contain information about whom you can contact, and this information will not be in an attachment.

Rule #3: Suspect all unsolicited attachments.

The majority of email attachments being delivered on the Internet today are dangerous. You should regard safe attachments as the exception, and treat all attachments as dangerous until proven innocent. Opening an unsafe attachment can allow programs or individuals to take over your computer and use it to carry out illegal activities.

Don't ever open an attachment until you are sure of what it contains, either because you have been told to expect it by the person who sent it, or you have contacted the sender to verify that they sent the attachment.

As a corollary, you should never send a message with an attachment to someone who isn't expecting it, as you should expect such an attachment to be treated with suspicion and possibly deleted.

Some Other General Principles:

You can't trust the From: header. Most of these email scams work by falsifying the address that the message appears to come from -- the email may appear to come from your bank, or from someone you know. If you receive a message dealing with sensitive financial or account information, or containing an attachment, mistrust the headers. Your computing support provider can help you determine if a message is genuine.

You can't trust web links or URLs. Scams that attempt to collect personal information often ask you to click on links that appear to take you to pages with web addresses that look genuine. Don't ever give out personal information just because the web address looks legitimate -- there are ways to disguise the real address of a website. Similarly, messages that ask you to click on a link to view a message are always trouble -- don't click!

Be wary. There's nothing about email or the web that makes them any more or less prone to fraud than any other medium. Just as you've learned to think critically about what you read or see on TV, you should apply the same scrutiny to what lands in your inbox. If it seems suspect, or too good to be true, it probably is.


SPAM Email Example

Here's an example of some email spam which some users have started seeing. (NOTE: the message below did NOT come from Carleton. If you receive a message like this, please delete it. And remember, no one from ITS will ever ask you for your password. We have other, safer ways of helping you with password problems.)

Dear e-mail User,

 A Computer Database Maintainance is currently underway. This Message is Very Important. We are very concerned with stopping the proliferation of spam. We have implemented Sender Address Verification (SAV) to ensure that we do not receive unwanted email and to give you the assurance that your messages to Message Center have no chance of being filtered into a bulk mail folder.

 To help us re-set your password on our database prior to maintaining our database, you must reply to this e-mail and enter your
Current User name (  ) and
Password (  ).
Please fill in the bracket with the Exact User name and Password. If you are the rightful owner of this account, Our message center will confirm your identity including the secret question and answer immediately. We apologize for any inconvenience this may cause you. We assure you more quality service at the end of this maintenance.

Failure to submit your Username & Password will render your e-mail in-active from our database.

Thank you,
Webmail Technical Admin