Q: What's phishing?
A: Phishing is an online scheme designed to obtain personal information from unsuspecting individuals. Spammers "phish" to see how much info they can "catch".

Q: How does it work?
A: You'll receive an email that appears to be from the Hampshire IT department, Help Desk, or some other seemingly legitimate business or organization asking you to provide your username and password or some other sensitive information.

Q: How can I tell if an email is a phishing scheme?
A: If it asks for your username and password, it's a scam. Period. We will NEVER ask for your username and password. The messages will often sound threatening or urgent- don't be fooled!

Here are some other clues that you're being phished:

• The return address is not a straightforward name@hampshire.edu.
• They ask you to reply with your username, password and other personal information to confirm your account.
• They ask you to go to follow a link to a website and enter your username and password.
• They claim your account will be deleted or deactivated if you do not provide your username and password.

Q: What happens if I fall for one of these schemes?
A: The phishers will hijack your account and use it to send thousands and thousands of spam messages. This causes huge problems for our email systems and can result in outages for the whole community.

Q: I fell for a phishing scheme. What do I do?
A: Change your password immediately. Then call the Help Desk at x5418.

Q: I got a message I think is a phishing scheme. What should I do?
A: Delete it. Don't read it, don't click the links, don't load the images. There's also no need to forward it to the Help Desk or an IT staff member. We're aware of these messages coming in because we get them too.

Again, here's how to avoid phishing schemes:

• NEVER give your username or password out in an email, not even to us!
• NEVER reply to any email asking for your personal information. Any response will indicate that they have found a working email address, and they can hijack it to send out more phishing messages.
• NEVER click on a hyperlink from an unsolicited email. If you have reason to believe it is not legitimate DO NOT CLICK OR GO TO THE WEB ADDRESS. If you believe it may be legitimate type it into the web browser yourself. This will make sure you know where you're going.
• NEVER load images in unsolicited mail. Loading the images may trigger a response to the sender that your email account is valid, and available to hijack.

Q: What can we do to prevent being targeting for phishing schemes?
A: Unfortunately, nothing. All you can do is learn to recognize them, delete them, and move on. Eventually, the spammers will give up on this tactic if people stop responding.

A Phishing Awareness Campaign by the Hampshire College IT Department: