1. Saint Mary's College will never ask for your password over e-mail.
    2. Saint Mary's College will never ask for your password via a Google Form.
    3. You should not reply in any way to e-mail messages that request information such as your password, your birth date, your credit card and bank account numbers, your Social Security number, or any other sensitive information. No legitimate institution (including colleges and banks) will ask for these details over e-mail. If you receive an e-mail directing you to a phone number or website to provide this information, do not use the contact information or links provided in the message. Instead, contact the institution using their officially published phone number or website and ask for instructions.
    4. Saint Mary's Information Technology will not send e-mail to students, faculty, or staff regarding their network accounts without providing detailed contact information in a signature that you can confirm via the Saint Mary's Online Phonebook. (http://eureka.saintmarys.edu/phonebook/)
    5. To change your Saint Mary's password, please visit http://www.saintmarys.edu/account. If you have responded to a phishing scam, change your password immediately.
    6. While Saint Mary's College and Google Apps for Education attempt to block fraudulent messages before they reach your e-mail inboxes, scammers try to be one step ahead of the e-mail filters. If you receive a phishing e-mail, simply delete the message.
    7. The SonicWALL Phishing and Spam IQ Quiz tests how well you can identify a legitimate e-mail from a phishing scam. http://www.sonicwall.com/phishing/
    8. When Saint Mary's Information Technology or Google Apps for Education discovers that an e-mail account has been compromised (usually as a result of a phishing scam), the account will be locked to prevent further access. While this stops the person with your account from doing further damage (including deleting messages in your account, reading any messages in the account to cull personal information, changing the account settings, and sending excessive amounts of phishing and spam messages), it will also prevent the owner of the account from accessing their e-mail. If you suspect that your account has bee locked, please contact ResNet (students) or the Helpdesk (faculty and staff) for information on setting up an appointment to have your account restored to your control. Appointments should be expected to last an hour, and you will need to bring government-issued identification with you. (Appointments are required for addressing compromised accounts, walk-in requests for assistance cannot be accommodated.)
    9. If an account is compromised and phishing and spam messages are sent, Internet Service Providers (ISPs) or e-mail hosting services may decide to block all messages from the domain the messages are from (saintmarys.edu) to protect their customers. Hotmail, MSN, Live, AOL, AT&T, and SBCGlobal have repeatedly blocked/blacklisted saintmarys.edu after one of our accounts has been compromised, preventing any messages with a saintmarys.edu address from going through to the intended recipients. Information Technology works with the ISPs to remove our domain (saintmarys.edu) from blacklists when this occurs.
    10. Saint Mary's College has multiple students, faculty, and staff reply to phishing scams with their personal information annually. Information Technology cannot stress enough that we will never ask for your password or other personal information over e-mail or via a Google Form.
    11. Examples of phishing scam subject lines, designed to have you open the message:
      • E-Document
      • Confirm Your Account Details
      • Account Upgrade/Maintenance
      • Attention Email Account holder
      • Account Confirmation {Account Expires in 4 days}
      • Alert: Mail Quota
      • Mailbox has Exceeded Storage Limit
      • breaking news

    12. Where phishing scam messages can come from:
      • A phishing scam message can come from any e-mail account.
      • Any unsolicited message, especially one that includes a link or attachment, could be suspicious. You should not open attachments on click on random links in e-mails - especially if they are in messages you are not expecting. You can hover your cursor over links in e-mails to find out where they actually go - for example, a link to a Dropbox login page should take you to a dropbox.com page if it was legitimate, and not to web address you don't recognize (such as dropbox.xyz).

    13. How to tell if your account may be compromised:
      • If you begin receiving a number of "Delivery Status Notification (Failure)" messages, that may indicate that your account was recently compromised.
      • If there are filters set for your account that you did not create, that would indicate that your account was compromised.
      • View the most recent sessions for your account. If your account has been accessed from places you were not located, change your password and then log out of all other open sessions for your account to prevent further unauthorized access.
        1. Change your password at http://www.saintmarys.edu/account.
        2. Log into your Saint Mary's e-mail and scroll down to the very bottom of the page.
        3. In the lower right corner, you'll see Last account activity and the link Details. Click on the link. This will show everywhere your account is signed in (or was most recently accessed).
        4. Click on the Sign out all other sessions button to sign out of all sessions logged in with your account (including any that an unauthorized individual may be using).
        5. Close the Activity information window.

    14. For more information, please visit:

Last Modified July 30, 2016