Messaging Scams

What should I do if I receive a suspicious message?

NEWS: Emails from the "President" offering you a "NEW DEVELOPMENT FILE" = PHISHING SCAM!

The newest phishing email going around is pretending to be from Stanford's new President, and offering you a file to download. Another example of a phishing attempt is an email claiming to be concerned with your webmail security, with links prompting you for your SUID and password. Step one of getting a message that seems suspicious: Don't do what it's asking you to do! Don't call the number they give, don't click on any links, don't download anything, don't follow their instructions.

If you receive a suspicious email, you can compare it to the Information Security Office's list of known phishing scams. You can also forward your email to for analysis. You should then delete any such emails from your inbox or phone.

To report or verify a phishing email, and to compare it to the list of known scams, click here for details.

What if I Clicked On Something?

If you accidentally downloaded a file or provided your info (or think you did):

  1. Change your SUID password NOW at
  2. File a help ticket with IRT security
  3. Be on the lookout for any unauthorized activity around your online identity (changes to your email, passwords, bank accounts, etc.)
  4. Always double check in the future: a REAL webauth page will only ever start with "" and will have a little lock icon before it. A REAL Stanford website should have Stanford (spelled correctly) in the first part of the URL, between the first set of slashes. If those things aren't true, don't log in! Here are some more hints to tell if an email might be phishing.

It's always a good idea to double check a message from ANY source which asks you for personal information. There was even a new "smishing" (SMS + phishing) scam circulating awhile ago, via text message. People would receive a text claiming to be from something like the "Credit Union Center" or "My Credit Union Alert," saying that a credit or debit card will be cancelled unless the user calls immediately and supplies the card number. Upon calling and entering the card number, the user will then speak to someone who asks for the card's PIN code for "verification." Sounds like a scam? You're right!

How Can I Tell If It's Fake?

  • Although a lot of spam emails are obviously fake, sometimes they're just convincing enough to leave you wondering. And now with the increasing prevalence of mobile phones, scammers are branching out into text messages, even voicemail. Spammers keep evolving their tactics, but if you look closely, the same things usually give them away.


  • Some signs that a message might be a scam:
  • It's trying to scare you ("Do this or else a bad thing will happen RIGHT NOW!")
  • OR It's trying to fly under your radar by being incredibly boring and generic, with no personal or company names anywhere ("Re: Our business dealings. See attached file.")
  • It's referring to services that are usually well-protected (email accounts, banking/financial services) or that use financial information (e-commerce sites, etc.)
  • It asks for the keys to your information: your PIN, your password, etc... even if it's just asking you to "confirm" them (Stanford will NEVER ask for that information, nor will organizations such as your bank)
  • It claims to be from a company you've never heard of, or never done business with
  • The TO, FROM or REPLY-TO addresses, or the sender's website, doesn't match the sender's business name (an email address that ends in "" is not, in all probability, from a real bank)
  • The message contains poor spelling, odd grammar, and/or awkwardly-phrased sentences
  • A URL contains a sneaky misspelling (recent Stanford-targeted phishing scams pointed to "weblogiin" with 2 'i's)
  • Hovering the cursor over a link (but don't click!) reveals a different real URL target than the text of the link 


  • NEVER CLICK ON LINKS in unsolicited messages.
  • NEVER DOWNLOAD FILES from suspicious sources.
  • When in doubt, DON'T.



To report or confirm possible phishing attempts, forward suspicious emails to the ISO at: