Look at the screenshot below of the two browser windows. They both show a WUSTL Key login page.
Can you spot any differences between the two?
Don’t see anything different? Look closer at the address bars of each browser window:
One shows a website address with a secure connection (note the lock icon), and one shows not only an insecure connection, but an address that isn’t affiliated with Washington University at all.
One browser window has a real WUSTL Key login page, and the other browser window has a fake login page, designed to steal your WUSTL Key credentials.
Every now and then, you may receive an email claiming to be from someone at Washington University asking for you to verify account information.
They may ask for you to verify your username, password, and possibly other personal information (such as birthday or social security number).
Many of these emails have you click on a link to “verify” your account information. The link may lead to a fake site that looks real.
Sometimes the emails may even make threats, saying that your account will be closed if you do not comply.
These are scams. They are from people trying to fool you into giving them access to your account.
No legitimate email would ever request sensitive information such as a password.
A general rule is simply that you do NOT give your password to anyone through email or the Internet.
Giving out your password could compromise your account. Someone may start using your email account then to send out even more fraudulent emails or gain access to other accounts you may use with that email account.
It may not be easy, but there are usually ways to identify how legitimate an email is. Things like poor spelling, missing punctuation, or bad grammar may give away a phishing email.
Even if everything in the email was written correctly, you can still spot a fake/phishing email just from checking out any link it wants you to click on.
Here is an example of an email that you might get:
Sounds scary, doesn’t it?
Where does that link really go? Put your mouse cursor over it to see the actual link (your browser window should show the address at the bottom of the window).