What Should I Do About Hoaxes and Scams?

Important: If you may have inadvertently released sensitive or confidential information related to the university, report the incident immediately to security@tamu.edu or your network administrator.

Responding To Scams

Scams can include spoofed emails and counterfeit web sites that are designed to trick you into disclosing personal information such as credit card numbers, usernames, or passwords. If you suspect a scam or fraudulent scheme:

• Try to verify it by contacting the company directly. Don't use contact information provided on an email or possible hoax web site connected to the request. Instead, check previous account statements for contact information or use a search engine to find a company's real web site.
• Look up information about known phishing attacks available online from groups such as the Anti-Phishing Working Group.

Responding To Hoaxes

Real warnings about viruses or other network problems are issued by computer security response teams such as CIRC, CERT, and NASIRC. If you see the warning on a team's web site, you can usually be assured that the warning is real. Also, check with your network administrator about campus-related warnings.

Here are other ways to check the validity of warnings or alerts:

• Check sites that document hoaxes to see if the warning has already been declared a hoax. Check the A&M Alerts/Notices on this site or go to antivirus software or operating system vendor sites for official notices or warnings.
• See if the email includes the name of the person submitting the original warning. Warnings without the name of the original poster, or warnings with names, addresses, or phone numbers that do not actually exist are probably hoaxes.

Reporting Scams and Hoaxes

If you believe you may have fallen victim to a scam:

• Take appropriate actions to protect your bank and credit accounts such as contacting your financial institutions. For more information, see What Should I Do If My Identity Is Stolen?
• You can report the incident to the police or the Federal Trade Commission's Bureau of Consumer Protection.

If you receive a hoax or scam email and want to report it:

• Do not circulate any warnings without first checking with an authoritative source such as Networking and Information Security or your network administrator.
• You can report phishing scams to the Anti-Phishing Working Group, which has a repository of phishing emails and web sites to help people identify scams.