Three Seconds to Avoid Being Scammed*
When you recieve an email, review the sender details as shown below:
- Click the down arrow.
- Review the actual From Email Address in <gray>.
- Review the “sԱ-:” and verify the domain it was sent from is what you’d expect. It should match the portion of the email address that follows the “@” in the From Email Address shown in <gray>.
*This example shows the trick in Gmail. Most mail apps have the same option, it just may look a little different.
Scam Example
- The image above shows Sender Name and From Email Address in an actual scam email seen at ýapp.
- The Sender Name, “IT HelpDesk help@bc.edu,” looks like it is from a ýapp sender. But it is not!
- The Sender Name is very easy to fake and can include any email address or text the sender wants.
- The From Email Address is clearly not an @bc.edu address: “accounts@selahdesignstudio.com"
- The From Email Address is difficult to falsify.
- Emails claiming to be from a “ýapp” person or department without an “@bc.edu” in the actual From Email Address field, should be viewed with extreme skepticism.
- This subtle distinction is critical to avoid being scammed.
What if you think you've received a scam email?
- If you aren’t sure an email is authentic, instead of replying, contact the sender using information you already have (such as their ýapp email address from the ýapp Directory).
- Do not reply to the email, or text/call any phone numbers included in the email.
- Do not click on any links in the message.
- In the Gmail web interface, click the three dots in the upper right corner and select, “Report phishing” or “Report spam.” This will train Google’s artificial intelligence to move these messages to your Spam folder.
- If you suspect a message is phishing or fell for a scam, forward it to phishing@bc.edu and contact security@bc.edu.