Identify Fraudulent Email Messages

Many people get tricked into giving their Dartmouth password to someone else via an email message they receive that appears to be from a valid sender, or they get malware installed on their computer by clicking a link in an email message that appears to be from a valid sender. When opening email - from someone you don't know or someone that you think you do - here are a few tips to quickly identify whether an email message you received is valid:

A Forged "From" Address

It is very easy to forge the "From" address in an email. Looking at the "Reply to" address will give you more information about where the message really originated from. Seeing the "reply to" address varies depending upon the application you are using to read your email.

The "From" and "Reply to" appear automatically in Outlook 2016 (both Macintosh and Windows) and In the example below, the "From" email address is <President's>; the "Reply to" email address is "". It would be an unusual occurrence for the President's Office to send an email where they want the replies to go to a non-Dartmouth account:

In Apple Mail (Mac Mail) and Mail on iOS devices, the "Reply to" address does NOT show by default. To turn this on, from within the Mail application, click Mail from the menu bar, then Preferences from the list that appears. Click Viewing from the menu bar in the window that appears. Remove the check mark from the Use Smart Address field, then restart the Mail application. Once this is done, email messages will display as shown above in the Outlook 2016 example.

Emails Asking Your to Verify Your Account

Dartmouth doesn't require you to confirm that you still need your account. If you're an active faculty, staff or student, you have an account; once you become inactive, your account automatically goes away. If you have another type of Dartmouth account (e.g. departmental, organizational, sponsored), you'll receive an email telling you that your account is expiring and that you need to contact your advisor/sponsored to get it extended. There isn't a website that you can go to to extend it yourself.

It is common for people at Dartmouth to receive an email stating something to the effect of "you need to verify you still need your account within the next 24 hours or it will be close". You are then directed to a website where you're prompted for your user name and password. Once you enter that, someone else now has access to your account. An example of one of these scams is below. Notice that the "From" looks to be "Office 365" but the "Reply to" is an account at The link that you need to click only shows the word "Verify" but it doesn't take you to a Dartmouth website.

Poorly Constructed Emails

Many bogus emails are easily recognizable due to the typos, different fonts, and odd wording in them. If you receive an email that looks like the sender is not someone affiliated with Dartmouth - even though their email address indicates they are - it is a quick signal that the "from" address could be forged.

Things to look out for include: typos, multiple colored fonts within a message, odd phrasing that indicates the sender isn't familiar with Dartmouth or English (e.g. the message refers to the chancellor's office and Dartmouth doesn't have one of those).

Messages with Links

Email messages often come with links to web sites in them. The sender of the email can have the text of the message show anything they want, then, in the background, have the website that you go to be different than the text you actually click.

For example, the text could read "" but when you click the link you actually go to a different website, one that installs malware on your computer.

An example that came to Dartmouth accounts recently is:

Before clicking the link, you can verify where you will go by hovering on the link text but not clicking on it. A small window should appear, showing you the real website you will go to if you click that link. If it is not the same, don't click it. With the message shown above, you would see that it would take you to which is not a Dartmouth website. You'd be prompted to enter your Dartmouth NetID and password to confirm your account - which would then mean that someone not at Dartmouth now could log in as you.

Attachments You Weren't Expecting

When you receive an email message that has an attachment, you should always deem it as suspicious unless you have been told in advance you will be receiving it - even if it looks like it's coming from IT or from the President. All sorts of attachments can cause malware to be installed on your computer, or can work to steal your password or data; even a word or excel document can run malicious software on your computer so don't open it until you know it's safe.

We've seen attachments that look like they were sent from your department's printer. If you didn't scan something to email, don't open the attachment. In the example below, the recipient noticed that the message came from a Xerox, and he had a Konica, so he knew it was bogus.

Opening a secure file that requires a password is a common way for someone to get your password. If it's a Dartmouth message, there are better ways to deliver secure files. If you have a need to share secure files with others at Dartmouth, contact your department's IT support office for assistance on better ways to do this rather than email.

In general, if you get an email with an attachment that you are not expecting, reply to the sender (making sure it wasn't a bogus "from" address) verifying that they sent you a file before you open it.

Emails Requesting That You Provide Confidential Information or Money

Another common type of bogus email is one that purports to do something for you - once you provide them your confidential information or money. As with scams like this that come via the telephone, do not ever give someone confidential information unless you are expecting to (e.g. when you apply to Dartmouth for a job). Do not ever send money to someone who requests it via email unless you personally know them. An example of this type of scam is below. The email address has been masked so that people cannot write to it.

If you have any questions about the validity of an email you receive, contact your department's IT support office for assistance. It is easier for them to tell you whether a message is valid, than it is to get your computer cleaned up after you've opened a message that installed malware on your computer, or stolen your data.



Article ID: 65386
Wed 10/17/18 2:07 PM
Mon 11/11/19 3:00 PM