Who should I contact if I receive a phishing message or spam?
I'm not sure if an unexpected email request is "suspicious" or "seems real." What should I do?
What should I do if I think I've gave my password to a phishing scam?
Can an email message that contains a company's official logo be a phishing scam?
What is the University doing to protect against these kinds of messages?
- Just delete it. We expect that some phishing or spam messages will get through the filter, so there is no need to alert anyone. Forwarding a message just gives more exposure to the dangerous content.
- Don't take action on the request. Attempt to contact the sender and see if it is real. Use a published phone number, email or web address for the alleged sender. NOT the one in the message.
- Immediately change your password! Then, contact the Information Security Office, by phone 310 506 4040.
- Yes. That is why you must always check the web address bar for encryption and a matching domain when entering your password. Logos and branding are publicly available and easily copied into an email or web page.
- The ultimate protection is to train each person to do the right thing with unexpected email requests and to check the web page before entering a password. The University's spam filter is blocking the overwhelming majority of spam and phishing messages, but some will get through. You can read more about the spam filter on the Spam Filter FAQ page: http://community.pepperdine.edu/it/tools/email/spam/spamfaq.htm