On this page:

• If you receive a suspicious email
• If you responded to a suspicious email
• Never email your personal or financial information
• Review your credit card and bank account statements
• Use caution with tax information
• Use email etiquette
• Use security best practices

 

Take the following steps to protect yourself against phishing:

If you receive a suspicious email

• Do not reply, even if you recognize the sender. Contact the institution directly to verify the email.
• Do not click any links in the emails (or cut and paste them into a browser). This can download viruses or confirm your email address to phishers.
• Do not open any attachments. Confirm with the senders if you receive an unexpected attachment.
• Do not enter personal information on an untrusted Web site or form linked in the email. 
• Report suspicious messages claiming to be from UMass Amherst, contain a suspicious attachment, or link to itprotect@umass.edu.
• Delete the message.

If you responded to a suspicious email

• Contact your financial institution. Report the email and actions to the security or fraud department.
• File a police report. Contact the UMass Police Department at (413) 545-2121 or your local police department.

If you provided your IT Account information to a phishing email, your account may be disabled (all accounts that display signs of suspicious activity are frozen) follow the steps below: 

• Contact the IT Service Desk to report the incident and get your IT Account reinstated (if applicable).
• Change your IT Account password immediately in SPIRE. If your IT Account was disabled, create a new password when you re-activate your account.
• Change the passwords to all online accounts that may have been compromised.
• Report the message to the Federal Trade Commission (FTC) through their online fraud report form and any impersonated organization.

Never email your personal or financial information

Legitimate financial institutions never ask for sensitive information via email.

Review your credit card and bank account statements

Monitor activity on your financial accounts by carefully inspecting your credit report annually. Federal law requires the nation’s major credit reporting companies to give everyone a free credit report every 12 months. Inspect your report for inaccurate information or unfamiliar accounts.

Check your bank and credit card accounts for any suspicious activity or unauthorized charges. Sign up for online statements to get the latest information.

Use caution with tax information

Tax-related fraud occurs when someone accesses your personal information. The Internal Revenue Service (IRS) does not contact taxpayers through email, text, or social media to request personal or financial information. Visit the IRS website to report tax-related phishing scams.

Use email etiquette

Ensure your email isn't mistaken for an infected message:

• Always include a clear, descriptive subject for your email.
• Consider using an email signature (your name, contact information, etc) at the end of an email.
• If including an attachment, describe what it is and why you are sending it within the email.

Use security best practices

• Use a unique password for each of your online accounts to prevent the risk of a data breach.
• Run a full virus scan of your computer every month by using a current and updated version of your anti-virus software.
• Update your device's operating system with the latest security patches and enable automatic updates.
• Keep your software updated, especially your web browsers and mobile operating system.
• Only use approved storage applications for sensitive data and institutional information. Do not use Third-party applications as storage or transmission methods for institutional information. See Where can I store or share my data? for more.
• Do not "jail-break" your smartphone while connecting to the campus network. "Jailbreaking" or "rooting" a mobile device compromises security and increases susceptibility to viruses.