Phishing and Scam Websites
For people who ask that we notify the rest of the campus immediately about the latest scary message they got:
Thank you for your concern. We get more than a dozen different types of phishing attempts on this campus per week. We do not send out a warning about each one as we get complaints about being spammers ourselves every time we send an email about anything. We try to confine our warnings about this issue to no more than twice a semester.
For people who are asking if the phishing expedition is legitimate:
Thank you for checking with the Helpdesk on this issue. This is a phishing expedition designed to get you to reveal personal information about yourself that can be used to break into computer accounts and/or steal your identity. Please be assured that we would never ask for personal information such as your password, your Social Security number, your Mother’s maiden name, etc. Never respond to E-mail requests for vital personal information unless you are the one who initiated the contact.
Some perpetrators of phishing expeditions are becoming extremely clever and can convincingly mimic service providers (like us) or even government agencies such as the INS or IRS. Please feel free to check with us anytime you are uncertain about a request that is asking for information about you.
For people who are reporting a phishing expedition that we are not aware of:
Thank you for forwarding the phishing expedition to us. Our network administration staff has been notified so they can block responses to this message. Delete the message and thanks again for being alert enough to recognize the scam.
Please be assured that we would never ask for personal information such as your password, your Social Security number, your Mother’s maiden name, etc.
For people who are reporting a phishing expedition that we are already aware of:
Thank you for forwarding the phishing expedition to us. We are already aware of this particular one but always appreciate being informed in case we haven’t heard about it yet. Please delete the message if you have not already done so.
For people who have responded to a phishing expedition and then realized their error:
Thank you for notifying us that you responded to a phishing expedition. Please start your browser and go to http://go.middlebury.edu/activate and change your password immediately. This will help protect your computing accounts and the Middlebury College network. Please let us know when you have completed the password change. If we don’t hear from you in a reasonable amount of time we will have no choice but to temporarily disable your accounts. Thank you for your prompt attention to this matter.
Clever web sites look like the real thing, but are not what they appear to be...
Sometimes, malicious web sites / web pages, may pose as legitimate, trying to trick you into revealing some private information. Firefox 2 and above, Internet Explorer 7 and above, as well as Safari 3.2 and above, have built-in phishing protection. However, in some cases, if you suspect that a site may be malicious, you can lookup the site at http://www.phishtank.com/ to see if anyone else has reported this website as malicious. Also, please contact the Helpdesk at x2200 when you suspect an email phishing expedition is underway on campus.