Spam, Phishing, and Spoofing Frequently Asked Questions

This service is for faculty, staff, and students.

St. Thomas never asks for your username or password via email. Never click a link claiming to upgrade or save your account. These are not legitimate emails and can lead to more spam or identity theft. 

What is the difference between spam, phishing, and spoofing?
Spam Phishing Spoofing
Spam is the use of email to send bulk messages; it often is commercial advertising for dubious products, get-rich-quick schemes, or quasi-legal services. Spammers gather email addresses in many ways. Just as with our mailboxes at home, we are subject to receiving junk mail electronically. The best course of action is to delete these emails when you receive them. Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by acting as a trustworthy source. Phishing is typically carried out by email, and it often directs users to enter details by replying to the message or at a fake website whose look and feel are almost identical to the legitimate one. The Tech Desk keeps track of new phishing attempts and reports prominent ones on our social media & alerts page.  Email spoofing is the process of faking the ‘from’ address when sending an email so that the recipient thinks it came from somewhere else. Email spoofing may occur in different forms, but all have a similar result: a user receives email that appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords).

What should I do if I receive a suspicious email?

If you clicked a link or responded with your credentials (username and password), change your password immediately!

The safest thing to do is to simply delete the message. You can click the Junk button when you're in the message. This will move the email to your Junk Email folder and block the sender from continuing to send you messages. 

You can also forward any suspected phishing emails to phishing@stthomas.edu for our team to evaluate. 

Can I block spam in my inbox?

While it is impossible to eliminate all spam messages, it is certainly possible to reduce it! All accounts have spam filtering. 

You will be able to simply click on the Junk button from any email message that appears to be spam which will move it directly to your Junk Email folder.

You can mark an email as JUNK or PHISHING from a dropdown menu on any email in Office 365.

Additional options are available directly from Outlook in Office 365 to block repeating senders, mark legitimate emails as "not junk" as well as mark senders as safe.

Where to Find Your Messages

Messages identified as spam or phishing will now automatically move into the Junk Email Folder within your inbox. You can mark emails as “not junk” to move legitimate messages directly back into your Inbox. 

ITS recommends:

Only use your St. Thomas account for university related business. Create an alternate account (e.g. Gmail, Yahoo!. Hotmail, etc.) for online purchases and account registrations.
 

How do I protect myself from spam, phishing, and spoofing?

  • Never share your password with anyone and never send your credentials via email
  • Don't open files from unknown or unfamiliar senders as these can often contain viruses or malware
  • Be cautious what links you click on. On a computer, hover over them before you click
  • Look out for threatening and urgent tones to take action now
  • Only use your St. Thomas account for university related business. Create an alternate account (e.g. Yahoo!, Gmail, Hotmail etc) for online purchases and registrations.
  • Typos and mispellings are often a giveaway that this is a suspicious email

For your security, ITS will never ask you for your credentials via email nor ask you to click a link to save your account from deletion. If you receive a suspicious email such as this, report it to the Tech Desk.

 

To report a problem or receive additional troubleshooting, please contact the Tech Desk
Report a Security Incident Print Article

Details

Article ID: 99056
Created
Mon 2/24/20 10:33 AM
Modified
Tue 6/18/24 3:22 PM

Related Services / Offerings (2)

Microsoft Outlook in Office 365 is the university's official solution for email and calendaring. Submit a request here for: -Request new Shared Mailboxes -Request Spam Whitelisting -Sending Email from External Services -Troubleshooting (be sure to include mailbox affected and platform attempting to send from) -DG membership updates
Notice something fishy (or phishy) with an account or system? Start here.