Spam and Phishing

Fordham University will never ask you to provide personally identifiable information (PII), such as your Fordham ID number (FIDN) via email. As a rule, do not send any PII through email. If you receive such a request via email, contact IT Customer Care.

Learn how to protect yourself against spam and phishing by taking our free, self-paced online Cyber Security Awareness training. It can be found under "My Courses" in Blackboard, accessed at

Spam is email you do not wish to receive. Most spam is commercial advertising, and its content is often inappropriate and sent to a large number of recipients. Spam can also be sent via instant messaging applications, cell phone texts, blogs, web forums, and other types of electronic media.

Phishing is an attempt to acquire personal sensitive information via email or website disguised as a legitimate page or company. Beware of requests for your phone number, account, PIN, and ID numbers, or your social security number. Fraudulent emails may be poorly written and even incoherent. 

Attackers may compromise legitimate email accounts belonging to people you know or to addresses by sending phishing email from these accounts.

Fordham Gmail is scanned for suspicious content. For more information, see our pages on spam filters and TAP (Targeted Attack Protection), for faculty and staff, which analyzes and blocks in real-time malicious URLs and attachments.

Identify fraudulent emails
If you are unsure of a link in an email, mouse over--but don't click--on the link. A small pop-up window will appear that shows the actual URL that the link connects to. If the URL doesn't match, or the URL is not from a domain or company you are familiar with, then there is a good chance that this it is a fraudulent email and the site is not legitimate.

Most URLs for organizations and companies use URLS that begin with https://. The "S" stands for secure; http:// is not a secure connection.  

If the email is from Fordham, it

  • Will come from a email account
  • Will not contain a generic greeting, for example, "EDU Webmail Users," or have no greeting at all 
  • Will not request that you respond to a non-Fordham email address
  • Should be signed by a Fordham employee or department.

Forward any suspicious email to IT Customer Care.

For more information about phishing and spam, including current known activity at Fordham, subscribe to the Fordham SecureIT blog.