Carnegie Mellon University

Caution: Phishing Emails!

August 23, 2019

Don't Take the Bait!

You open your email inbox and see a "personal" message from a Carnegie Mellon dean, asking for a favor. What an opportunity to impress! Be careful. What may look like a legitimate request could be an "impersonation" scam email.

Phishing or Spam?

Computing Services identifies a scam email as either a "phishing" or "spam" message.
  • A phishing message tries to get you to send your CMU or other credentials or sensitive data, such as a password, account or credit card number.
  • A spam email is any other type of unsolicited request. Ransom, extortion, and impersonation messages are typical forms of spam.

Smart Actions

In 2017, attackers launched more than 400 scam email attempts at Carnegie Mellon affiliates. In 2018, the numbers doubled. Let us know if you receive a scam email so we can take the necessary steps to block future messages from the sender. Copy the full header of the message and send it us.

Follow these suggestions to protect yourself from scam emails. Refer to the Information Security Office recommendations for additional guidance.

  • Check with the alleged sender before clicking on links or opening attachments in unexpected email.
  • Confirm the URL is one you recognize, especially login pages.
  • Promptly address email that alerts you to unexpected changes to sensitive information, for example, your Workday or banking information. Contact the department or company using information provided on an account statement, not information provided in an email.

Visit the Computing Services website often to stay up to date on the latest news.