Hackers use email or websites that appear to be from reputable institutions such as banks, credit card companies, employers or academic institutions that request account information. They often express urgency or indicate that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts. These hoaxes have spread to social networking sites and text messages.
- Be suspicious of any message that requests your information and NEVER send it through email.
- Do not click links in messages that ask you to log in. Type a trusted address in your browser or search for the website if you don't know the address.
- Never type sensitive information (passwords, account numbers, etc.) on websites without verifying the website's authenticity (make sure you are at the correct address) and security (look for an https in the address bar).
- Pay attention to the address: Malicious websites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.net vs. .com).
- If you are unsure whether a request is legitimate, contact the company directly. Do not use contact information provided in the request. Instead, check previous statements for contact information.
- In general be wary before providing sensitive information online or over the phone.
Information about known hoaxes and scams is posted at the following sites:
- Passwords: If you have revealed your password, change your password on every account that uses it. For NetID passwords, also report the disclosure to Help Desk Central at 979.845.8300 or firstname.lastname@example.org so they can be on the look out for suspicious activity.
- Financial Information: If you have revealed financial information, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplained charges to your account.
- Consider reporting the attack to the police and filing a report with the Federal Trade Commission.
To combat fraudulent emails supposedly sent by Texas A&M Information Technology or Help Desk Central, look for a specific format we use when emailing individuals directly (i.e. not bulk mailings). This format includes using your first and last name as well as providing the last four digits of your Universal Identification Number (UIN).
The salutation should appear similar to the following sample:
Dear FIRSTNAME, LASTNAME (UIN ending in ####):
Texas A&M IT NEVER asks you to send sensitive information via email (e.g., social security number or password) or uses e-mail to send you unsolicited files to run on your computer.
Texas A&M Information Technology sends email notifications to students if malware is suspected on their computers. To ensure it is a legitimate email from Texas A&M IT and not a phishing scam, check for the following items in the email:
- Your name and last 4 digits of your UIN
- Explanation of the malware detected
- Instructions to type in URLs and not click links directly
- Contact number to call with further questions
If you receive one of these emails, please follow the directions to remove the malware from your computer.