1. Saint Mary's College will never ask for your password over e-mail.
    2. Saint Mary's College will never ask for your password via a Google Form.
    3. A phishing scam message can come from any e-mail account. Any unsolicited message, especially one that includes a link or attachment, could be suspicious. You should not open attachments or click on random links in e-mails - especially if they are in messages you are not expecting. You can hover your cursor over links in e-mails to find out where they actually go - for example, a link to a Dropbox login page should take you to a dropbox.com page if it was legitimate, and not to web address you don't recognize (such as dropbox.xyz).
    4. You should not reply in any way to e-mail messages that request information such as your password, PIN, birth date, credit card and bank account numbers, Social Security number, or any other sensitive information. No legitimate institution (including colleges and banks) will ask for these details over e-mail. If you receive an e-mail directing you to a phone number or website to provide this information, do not use the contact information or links provided in the message. Instead, contact the institution using their officially published phone number or website and ask for instructions.
    5. Saint Mary's Information Technology will not send e-mail to students, faculty, or staff regarding their network accounts without providing detailed contact information in a signature that you can confirm via the Saint Mary's Online Phonebook. (http://eureka.saintmarys.edu/phonebook/)
    6. To change your Saint Mary's password, please visit http://www.saintmarys.edu/account. If you have responded to a phishing scam, change your password immediately.
    7. While Saint Mary's College and Google's Workspace for Education attempt to block fraudulent messages before they reach your e-mail inboxes, scammers try to be one step ahead of the e-mail filters. If you receive a phishing e-mail, simply mark the message as spam or delete the message.
    8. The SonicWall Phishing IQ Quiz tests how well you can identify a legitimate e-mail from a phishing scam. https://www.sonicwall.com/phishing-iq-test/
    9. When Saint Mary's Information Technology or Google's Workspace for Education discovers that an e-mail account has been compromised (usually as a result of a phishing scam), the account will be locked to prevent further access. While this stops the person with your account from doing further damage (including deleting messages in your account, reading any messages in the account to cull personal information, changing the account settings, and sending excessive amounts of phishing and spam messages), it will also prevent the owner of the account from accessing their e-mail. If you suspect that your account has been locked, please contact ResNet (students) or the Helpdesk (faculty and staff) for information on setting up an appointment to have your account restored to your control. (Appointments are required for addressing compromised accounts, walk-in requests for assistance cannot be accommodated.)
    10. Saint Mary's College has multiple students, faculty, and staff reply to phishing scams with their personal information annually. Information Technology cannot stress enough that we will never ask for your password or other personal information over e-mail or via a Google Form.
    11. How to tell if your account may be compromised:
      • If you begin receiving a number of "Delivery Status Notification (Failure)" messages, it could indicate that your account was recently compromised.
      • If there are filters set for your account that you did not create, that would indicate that your account was compromised.
      • View the most recent sessions for your account. If your account has been accessed from places you were not located, change your password and then log out of all other open sessions for your account to prevent further unauthorized access.
        1. Change your password at http://www.saintmarys.edu/account.
        2. Sign in to your Saint Mary's e-mail account (mail.google.com) and scroll down to the very bottom of the page.
        3. In the lower right corner, you'll see Last account activity and the link Details. Click on the link. This will show everywhere your account is signed in (or was most recently accessed).
        4. Click on the Sign out all other sessions button to sign out of all sessions logged in with your account (including any that an unauthorized individual may be using).
        5. Close the Activity information window.

    12. For more information, please visit:

Last Modified July 12, 2021