Spam & Phishing

Click only links and files that are expected, and only from people you trust. There is a reason so many cyber attacks start with a bogus email message. It works. This type of scam is called phishing, and the goal is to get you to click a fraudulent link, open an unsafe file, or give up personal information.

How to Report

Forward phishing emails to phishing@harvard.edu.

When HUIT receives a suspected phishing email, they check it out to determine the risk. If it is a phishing attack, they may take any of the following steps:

  • Breaking dangerous links so they don't connect to unsafe webpages
  • Blocking malicious files from being delivered to to inboxes in the future
  • Escalating the report to our security operations team to investigate compromised systems or accounts

Quick reporting from users at Harvard has saved others in the past, so make sure to forward phishes to phishing@harvard.edu.

Spotting a Phish

Phishing can come in many different forms, from obvious-to-spot frauds to sophisticated deceptions, but they share some common characteristics. Before you click a link, consider if the message you are reading contains these suspicious attributes:

  • Sense of urgency and time constraint
  • Fear of losing money or winnings
  • Requests to verify accounts or credit card numbers
  • Communication from services you do not use
  • PDF Attachments from businesses
  • Generic email providers
  • Poor grammar and spelling
  • Confirmations that lack details, such as delivery locations or travel dates
  • Any emails from the IRS
  • Unexpected, but out of character, emails from people you know
  • Files or links that require you to download additional software to view them
  • Close, but not quite right, links

Want to Learn More?

Information contained within the 'Click Wisely' section of the University's 'Small Actions, Big Difference' security campaign can teach you how to spot a phony links and phishing scams, as well as when you should report a phishing attempt.