Remember
- Information Technology Services will never ask you for your password.
Email is the most common way cybercriminals try to steal your credentials. They impersonate people you trust to trick you into giving up your password or personal information. Follow this guide to learn how to identify email scams and protect your Lafayette account from unauthorized access.
Phishing is a form of email fraud. It is a malicious attempt to trick a recipient into providing credentials like their Lafayette NetID and password. Though there may be some overlap, phishing and spam are different. Spam is unsolicited marketing email and does not attempt to collect your personal information.
Phishers try to look like an entity you trust to make you disclose your private information. Messages called phish appear to come from a reputable source, such as the Lafayette Help Desk, a trusted online service, or a credit card company. While email is the most common channel, the same tactics show up in text messages and phone calls, too.
Phish might have subject lines like “Lafayette email update” or “Email account termination” and instruct you to click on a link and “log in and update your account.” A message might look legitimate, but today’s phishing emails are often written or cleaned up with AI, so misspellings and bad grammar are no longer reliable giveaways. The signals that hold up are below.
Spear phishing is email spoofing that targets a specific individual or organization in order to gain access to systems like email. Messages might be personalized, look authentic, and appear to come from a Lafayette email address. Pay particular attention to emails that appear to come from Lafayette College Webmail Services, ITS Help-Desk, Help Desk Support, or System Administrator. These messages may include an official Lafayette logo and instructions to click on a link.
Ransomware attacks also impersonate a trusted sender, but involve an attacker asking the recipient to download an attached file. The file contains ransomware, a type of malware that encrypts files on a computer or shared drive and literally holds data hostage. A warning that files are encrypted may appear. A victim cannot decrypt the files unless they pay a monetary ransom.
Wire fraud is another type of targeted phishing that tries to trick an employee into providing payment for an invoice. The phish might state the invoice is past due and a late fee is pending. The message appears to be from someone with whom the employee has an established business relationship.
Use the resources below to keep your digital identity safe.