Email scams and malicious email, sometimes called phishing, are types of electronic fraud commonly carried out through requests to gather personal information. These types of emails appear to come from reliable sources like Northwestern or your banking institution, and often contain urgent requests that require the recipient to provide personally identifiable information―passwords, credit card account numbers, and Social Security Numbers―by either replying to the email directly, or by entering this information on a bogus Web site.
NUIT is providing you with a central location of scam emails that are received by the University. If you are unsure about the legitimacy of an email, compare it to the recent list of attempts at Northwestern. If it is not listed, immediately forward the complete message with email message headers to email@example.com.
Northwestern’s Phishing Net
In an effort to prevent email scams from reaching the University’s central email server Northwestern’s Email Defense System (EDS), powered by Symantec Messaging Gateway, blocks the majority of viruses and messages that carry malicious code from being distributed across the University community.
Occasionally, some malicious or junk email attempts slip through this security net. NUIT recommends that all Northwestern email recipients use EDS for increased computer security, and to prevent the potential for falling victim to such attempts.
Know the Signs
The best defense against malicious email attempts is an educated user. Have a security mindset and be skeptical of any unprompted requests for personal information. Learn key identifiers of malicious emails by watching the How to Identify Phishing video below or by taking the SonicWALL Online Phishing and Spam IQ Quiz.
Remember, Northwestern University will never ask for personally identifiable information.
When you receive any email requesting personally identifiable information, follow these best practices to protect yourself and the University:
- NEVER reply to an unsolicited email that asks for your personal information, including requests for NetID passwords, Social Security Numbers, or requests for credit card information. Remember, Northwestern University will never request personal information via email. Other institutions (your bank or credit card company) would not email you requesting this type of information either.
- COMPARE suspicious emails to the list of recent phishing email attempts collected and posted by NUIT.
- DON'T click on links directly from emails. Open a new browser and type the address yourself. You can also bookmark the NU Validate pages to update or verify your NetID password.
- BE WARY of messages with suspicious, misspelled, or awkward language, or that reference non-existent Northwestern departments like "University Webmail Support" or the "Webmail Messaging Center."
- DELETE messages you confirm or recognize to be phishing attempts from your "Inbox" and your "Deleted Items" folder to avoid accidentally accessing the Web sites within the bogus email.
- DO NOT send personally identifiable information, such as passwords, credit card account numbers, and Social Security Numbers, through email.
- Regularly UPDATE and USE antivirus and anti-spyware software, and your firewall.
- BE CAUTIOUS about opening any attachments or downloading any files from emails you receive, regardless of who sent them.
Took the Bait? Report It!
If you believe you have responded to a malicious email, change your NetID password immediately and call the NUIT Support Center at 847-491-4357 (1-HELP) to report the scam.
- Scam Email Attempts at Northwestern
- Scam Email Attempt Archive
- Email Defense System
- The Federal Trade Commission
- Anti-Phishing Working Group
- FBI Cyber Investigations
- The Internet Crime Complaint Center (ICCC)
- National Consumer's League's phishinginfo.org
- SonicWALL Online Phishing and Spam IQ Quiz
- Information Security News Podcasts
NUIT Support Center
Central service desk for students, faculty, and staff.
Submit a Support Request
Last Updated: 17 May 2013