Email messages, however authentic they might look, may not be legitimate and may be spam or phishing. What's the difference, and what can you do to keep them out of your inbox?

• Spammers are usually trying to sell you something - products to improve your home, your sex life, your professional skills, your computer – or tempt you into some get-rich-quick scheme. If no-one ever believed them, they would stop sending them. But because there's always someone who acts on these requests, they keep coming – it’s costing the spammer nothing to send the messages. The emails usually include a link to a website that may infect your machine with malware and/or turn it into a “spambot” that the spammer will use in future to send yet more spam messages.
• Phishing is more serious, and more targeted. Phishers are “fishing” for information – credit card and bank account numbers, usernames and passwords, medical information, and the phishing holy grail – social security numbers. Their goal is to trick you into revealing this information so that they can steal your identity and your money. Phishing emails usually masquerade as coming from somewhere familiar, like a bank or government agency, and lead you to a fake website that’s similar enough to the real thing that you’ll trust it and hand over your information.

HSU users have been targetted by a number of phishing campaigns where the email claims to be from the IT department or "webmail" group and requests that the recipient click on a link to update their information. These pages are hosted off-campus and can look almost identical to HSU's login pages. Sometimes they claim that the recipient's information is out of date or that they have exceeded their email quota. HSU will never email you asking for your password. If you have received a message like this and entered your information, you need to change your password immediately.

Learn more about spam and phishing.

What you can do

Gmail helps HSU to keep spam and phishing attempts off the network and out of everyone's inbox by detecting and blocking most of it at the network perimeter, where the Internet meets the HSU network. But every so often, a particularly clever attempt will get past the filters. Here’s what you should do if this happens:

1. If an offer looks too good to be true, it usually is. Never click on a link in one of these messages – including any Unsubscribe link (clicking on this just tells the spammer there’s a live person at this email address).
2. If the message appears to come from someone you know, like your bank or the HSU helpdesk – call them and ask them. No reputable organization is going to request this kind of personally-identifiable information by email.
3. If you use Gmail as your email client, click on the reply down arrow (more) in the message and choose Report phishing or Report spam. You can also click on the exclamation mark on the toolbar to report spam. See illustration below left.
4. If you use Outlook as your email client, click on the Junk button in the toolbar (it’s usually towards the left) and choose Block Sender. See illustration below right.