Carnegie Mellon University

Caution: Scam Emails!

January 11, 2019

Phishing and Spam Emails Are No Joke

You open your email inbox and see a "personal" message from a Carnegie Mellon dean, asking for a favor. What an opportunity to impress! Be careful. What may look like a legitimate request could be an "impersonation" scam email.

Phishing or Spam?

Computing Services identifies a scam email as either a "phishing" or "spam" message.
  • A phishing message tries to get you to send your CMU or other credentials or sensitive data, such as a password, account or credit card number.
  • A spam email is any other type of unsolicited request. Ransom, extortion, and impersonation messages are typical forms of spam.

Smart Actions

In 2017, attackers launched more than 400 scam email attempts at Carnegie Mellon affiliates. In 2018, the numbers doubled. Help prevent another increase this year. Let us know if you receive a scam email so we can take the necessary steps to block future messages from the sender. Simply copy the full header of the message and send it in an email to us.

Follow these suggestions to protect yourself from scam emails. Refer to the Information Security Office recommendations for additional guidance.

  • Change your password periodically. Scammers sometimes wait months before using a login id and password.
  • Check with the alleged sender before clicking on links or opening attachments in unexpected email.
  • Verify URLs or use reliable bookmarks to navigate to university services, especially login pages.
  • Promptly address email that alerts you to unexpected changes to sensitive information, for example, your Workday or banking information. Contact the department or company using information provided on an account statement, not information provided in an email

Visit the Computing Services website often to stay up to date on our latest news and feature stories, and subscribe to our feature news and service alerts.