With tax season right around the corner, scammers are looking for ways to get ahold of sensitive institutional and personal information to commit tax fraud. Phishing, or scamming users via email by posing as a legitimate entity, is one of the easiest and most effective ways to accomplish this nefarious crime.
Here are a few tips and questions to ask yourself so you don’t get hooked:
-
Are you expecting an email of this nature (e.g., password reset, account expiration, wire transfer, travel confirmation, etc.)?
-
Does the message ask for any personal information? (password, credit cards, Social Security Number, etc.)
-
Hover your mouse over the links in the email. Does the hover-text link match what’s in the actual text? Do the actual links look like a site with which you would normally do business?
-
Click “Reply.” Does the address in the “To” field match the sender of the message?
-
If the message purports to be from an IU email account or device, check the email headers. All messages originating outside the IU Network will include the text external-relay.iu.edu. The presence of this text most likely indicates the message is not coming from a legitimate IU sender.
If you’re not sure about the legitimacy of an email message, report it with the full email headers so IU cybersecurity experts can investigate.
Visit the Protect IU site to learn more about phishing and email scams >>