Don't Take the Bait on That Phishing Scam

In light of the recent phishing schemes that have plagued FAS e-mail addresses, FAS IT issued a cautionary announcement last Thursday: "Please be aware that an FAS IT employee will never ask for your account password, whether over the phone or by e-mail. To do so would violate University security policy."

Though the increase in reports of phishing schemes—messages that claim authenticity and ask for confidential information—doesn't mean there's a security breach, we asked Noah S. Selsby '95, senior client technology advisor for FAS IT, to give us some tips on preventing harm from these privacy-invading scams. Here's what he told us:

1. Never click any links or open any attachments that seem suspicious or you did not request.

2. Never respond to a suspicious e-mail asking for private information.

3. If you are unsure about an e-mail, you can check its authenticity by calling the FAS IT help line at 617-495-9000 or e-mailing help@fas.harvard.edu.

4. Continue to report these scams to FAS IT so they can make announcements if they are seeing particularly high traffic.

Selsby said that if you've already responded to a phishing scam e-mail, you should immediately contact the institution that manages the account for which you provided the personal information.