On Phishing

Phishing is a form of email fraud. It is a malicious attempt to trick recipients into providing credentials like their Lafayette NetID and password. Though there may be some overlap, phish and spam are different. Spam is unsolicited marketing email and does not attempt to collect your personal information.

Phishers impersonate an entity that you trust in order to get you to give them your private information. Messages (“phish”) appear to come from a reputable source such as the Lafayette Help Desk, an online service, or a credit card company.

Phish might have subject lines like “Lafayette email update” or “Email account termination” and instruct you to click on a link and “login and update your account.” A message might look legitimate, but those who are clued-in will notice misspellings, bad grammar, or a sender email that differs from an official contact address.

What to Do

Be discriminating. Look for the clues detailed above to spot forms of fraudulent email.

Delete the message. If you receive a message that looks fraudulent, delete it. A legitimate message won’t prompt you for sensitive information. Information Technology Services and the Lafayette Help Desk will never ask you for your password.

Educate yourself. Use the resources below to keep your digital identity safe.

If you suspect that you provided your NetID and password in response to a phish, change your password and immediately contact the Help Desk at help@lafayette.edu or (610) 330-5501. After changing your password, be sure to update your password on any mobile device configured to access your Lafayette email or calendar. If you are unable to reset your password, contact the Help Desk.

Other Forms of Email Fraud

Spear phishing is email spoofing that targets a specific individual or organization in order to gain access to systems like email. Messages might be personalized, look authentic, and come from a Lafayette email address. Pay particular attention to emails that appear to come from Lafayette College Webmail Services, ITS Help-Desk, Help Desk Support, or System Administrator. These messages may include an official Lafayette logo and instructions to click on a link.

Ransomware involves another kind of email fraud that also impersonates a trusted sender but asks the recipient to download an attached file. The file contains ransomware, a type of malware that encrypts files on a computer or shared drive and holds the data hostage. A warning that files are encrypted may appear. A victim cannot decrypt the files unless they pay a monetary ransom.

  • If you cannot open files and suspect ransomware, do not pay the ransom. Immediately contact the Help Desk at help@lafayette.edu or (610) 330-5501.

Wire fraud is another type of targeted phishing that tries to trick an employee into providing payment for an invoice. The phish might state that the invoice is past due and that a late fee is pending. The message appears to be from someone with whom the employee has an established business relationship.

  • If you receive an email asking for payment of an invoice, check your records and communicate directly with your contact at the business requesting payment.

Resources