DO’s and DON’TS to protect against email and phishing scams


If you have an email account, you’ve almost certainly been on the receiving end of attempts to con you into giving up information, buying into a scam, or clicking on malicious links or files.

These emails can take the form of too-good-to-be-true schemes, crisis alerts, or “phishing” for account/personal details by impersonating a trusted institution.

These attempts have become increasingly sophisticated.  Scammers can create convincing emails that appear to come from trusted sources, including your bank and even universities like UW.

Following the guidelines below will dramatically reduce the risk of falling victim to email and phishing scams.

  • DON’T send passwords or any sensitive information over email.
    No legitimate business or organization will ask you to send your password, account information, social security number, or other sensitive data over email.  NEVER respond to an email requesting personal, financial, or other protected information, even if it appears to be from UW, your bank, or another trusted institution.

Instead, directly contact the institution that the email appears to be coming from, using the number listed on your credit card or bank statement (or equivalent document, such as your cell phone bill it the email claims to be from your mobile provider).  If the email appears to be from UW, forward it to, being sure to include the full email headers.

  • DON’T click on “verify your account” or “login” links in any email
    Always open a new window and use the institutions official home page to log into any account.

Links in an email may appear to go to a trusted site, but actually redirect to a page that steals your login information.

  • DON’T reply to, click on links, or open attachments in SPAM or suspicious email

Clicking through or replying to SPAM can verify your email address and encourage more such attempts in the future.  Send SPAM straight to the trash or report it to the FTC at  You can learn more about that by visiting the Federal Trade Commission site.  NEVER open attachments from senders you don’t know.


  • DO report impersonated or suspect email

If you receive an email asking for personal, login or financial account information and appearing to be from UW, your bank, or another trusted institution, forward the email to the FTC at  Also forward the email to the organization being impersonated.  If the suspicious email looks like it came from UW, forward it to and be sure to include the full email headers.


  • DO be cautious about opening attachments, even from trusted senders

Email accounts can be hacked or impersonated by scammers and files and attachments that have been infected with viruses and malware can be embedded in your account and email.  If opened, these can access your data and/or harm your computer.  Be wary of opening unsolicited attachments or downloading materials from an email, even if they appear to come from someone you know.


To reduce the use of attachments, you can use your UW Office 365 to share files.  Choose this system over email attachments to improve security.


  • DO install antivirus and firewall programs

Anti-virus software and a firewall can protect you from inadvertently accepting malicious files.


Anti-virus software scans incoming communications and files for malicious content.  Look for anti-virus software that updates automatically and can perform real-time protection.


A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources.  It’s especially important to run a firewall if you have a broadband connection.


  • DO check financial statements and credit reports regularly

Read your monthly bank account and credit card statements to be sure all charges are authorized, and request free annual credit reports to be sure there are no unauthorized accounts open in your name.

Was this helpful?
0 reviews


Article ID: 9611
Mon 11/9/15 4:16 PM
Wed 5/4/16 8:08 PM