Protecting Yourself From Fraudulent and Malicious Emails

What are fraudulent or malicious emails?

Past Due Invoice…..

UPS Tracking Information…..

Unpaid Parking Ticket….

Overdue Payment….

Have you received emails with similar subject lines? They are commonly referred to as fraudulent or malicious emails. Fraudulent and malicious emails falsely claim to be a legitimate authority and request an action, normally visit a website, or open a document. Usually when completing these actions your computer becomes infected with a virus.

To protect yourself from fraudulent and malicious emails:

  • Do not click links to invoices or orders. Look carefully at all links in emails. If you aren't sure a link is legitimate and safe, don't click.
  • Hover over links in emails with your mouse to see the actual destination. Most email programs show the URL in the bottom left corner of the window when you hover over a link. Check whether the URL matches the link in message text. If the message claims to be about the university, look to see if the URL looks like other university URLs you are familiar with.
  • Be aware of impersonation attack emails. Impersonation attacks are emails that attempt to impersonate a trusted individual or company in an attempt to gain access to finances, data and install malware. Scrutinize sender addresses and links to spot these fraudulent emails.
  • If the URL doesn't look right, don't click it!
  • Double check. If you are suspicious of a link or attachment, don't click. Check with the sender by phone or in person to see if they actually sent the message.
  • Be careful opening or downloading any Office document or Adobe PDF file.
  • Do not open or download a document from an unfamiliar sender. Always look at the "from" field and the reply to (if there is one).
  • Do not open or download a document shared or stored on a system or service you are unfamiliar with, and be cautious even if the storage is familiar.
  • Preview the doc in Google Drive. It is reasonably safe to view an Office doc or PDF file in Google Drive and use the preview feature of Google Drive to view it. This might help determine if the doc is legit or a scam.

Additional information about specific scams

To report fraudulent and malicious emails asking you to click on links, open documents or provide your username and password, forward emails to Email headers from the original email are needed to perform any kind of analysis. Instructions for finding and email header can be found here.

If you are receiving abusive or threatening messages directed at you personally, which are not spam, contact the IST Service Desk at 973-596-2900 to report.


Last Updated: September 10, 2018