There are several steps you can take to protect against phishing:
If you receive a suspicious email
Do not reply, even if you recognize the sender as a well-known business or financial institution. If you have an account with this institution, contact them directly and ask them to verify the information included in the email.
Do not click any links provided in these emails (or cut and paste them into a browser). This may download viruses to your computer, or at best, confirm your email address to phishers.
Do not open any attachments. If you receive an attachment you are not expecting, confirm with the senders that they did indeed send the message and meant to send an attachment.
Do not enter your personal information on an untrusted Web site or form referenced in this email.
Delete the message.
If you responded to a suspicious email
Contact your financial institution. Report the content of your email and your actions to the security or fraud department.
File a police report. Contact the UMass Police Department at (413) 545-2121 or your local police department.
If you have already provided your IT Account information in response to a phishing email, your account may be disabled (all accounts that display signs of suspicious activity will be frozen). It is critical that you:
Never email your personal or financial information
Email is not a secure method of communicating sensitive information. Remember that legitimate financial institutions never ask for sensitive information via email.
Review your credit card and bank account statements
The best way to monitor activity on your financial accounts is to carefully inspect your credit report every year. Federal law requires the nation’s major credit reporting companies to give everyone a free credit report every 12 months. Once you have your report, look for inaccurate information or unfamiliar accounts.
Check your bank and credit card statements as soon as you get them. A great deal of damage can happen in 30 days. Consider switching to online statements.
Use caution with tax information
From the Internal Revenue Service: "Scams can be sophisticated and take many forms. We urge people to protect themselves and use caution when viewing emails, receiving telephone calls or getting advice on tax issues. [...] Keep your personal information safe and secure. Taxpayers should protect their computers and only give out their Social Security numbers when absolutely necessary."
Use email etiquette
To ensure that your email isn't mistaken for an infected message:
Always include a clear, descriptive subject for your email.
Consider using a signature, your name and contact information, on your email.
Always include a mention of the attachment and a description of why you are sending it in the body of your email.
Use our Security Checklist
Run a full scan of your computer every month. To detect the latest viruses, you must use a current version of your anti-virus software and keep it updated. We offer anti-virus software free of cost to members of the University community.
Update your computer's operating system with the latest security patches from Windows Update (Windows) or Apple Software Update (Macintosh). Enable automatic updates to receive security patches as soon as they are released.
Keep your software updated, especially your Web browser, Adobe Reader, and Flash Player. Use Secunia PSI to scan and patch outdated programs.
Security Checklist for Personal Computers | Security Checklist for University-owned Computers