Spam and Phishing
Fordham University will never ask you to provide personally identifiable information (PII), such as your Fordham ID number (FIDN) via email. As a rule, do not send any PII through email. If you receive such a request via email, contact IT Customer Care.
Learn how to protect yourself against spam and phishing by taking our free self-paced online UISO Security Training for Employees, found under My Organizations in Blackboard.
Spam is irrelevant or inappropriate messaging sent online to a large number of recipients. It can be sent via email, over text, in messaging apps, and other types of electronic media.
Phishing is an attempt to obtain sensitive information by disguising as a trustworthy website, person, or company. Requests for personal information such as phone number, account ID, PIN, Social Security number, passwords, etc. are examples of information attackers in a phishing campaign might seek. Always think twice before providing sensitive information online.
If something feels fishy, it's probably a phish.
Attackers may compromise legitimate email accounts belonging to people you know or to @fordham.edu addresses by sending phishing email from these accounts.
Fordham Gmail is scanned for suspicious content. For more information, see our pages on spam filters and Targeted Attack Protection (TAP), for faculty and staff, which analyzes and blocks in real-time malicious URLs and attachments.
Identify fraudulent emails
If you are unsure of a link in an email, mouse over--but don't click--on the link. A small pop-up window will appear that shows the actual URL that the link connects to. If the URL doesn't match, or the URL is not from a domain or company you are familiar with, then there is a good chance that this it is a fraudulent email and the site is not legitimate.
Most URLs for organizations and companies use URLS that begin with https://. The "S" stands for secure; http:// is not a secure connection.
If the email is from Fordham, it
- Will come from a Fordham.edu email account
- Will not contain a generic greeting, for example, "EDU Webmail Users," or have no greeting at all
- Will not request that you respond to a non-Fordham email address
- Should be signed by a Fordham employee or department.
Forward any suspicious email to IT Customer Care.
For more information about phishing and spam, including current known activity at Fordham, subscribe to the Fordham SecureIT blog.