IAS warning on email scams and other phishing activity

Dear Faculty, Members, Visitors, and Staff,

As we start the Winter-Spring term here at the Institute for Advanced Study, we are reminded of the risks of scams and phishing as they arrive on campus. This morning, an email with the subject "Urgent Notice!" found its way to many of your Inboxes. We really appreciate everyone's concerted effort to notify us of the phish so that we can block its effectiveness of stealing your credentials and data.

Here are a few things to notice about this email that should identify it as a scam.

An image of a scam email that is described in the article.

The first is the subject. Notice that the subject is written in a way to evoke emotion. This is an example of something that is "too bad to be true". If it starts a physical response (e.g. heart beats faster), that should be your first sign that it may be too bad or too good to be true. This should be a sign to immediately stop, think about the situation, before you decide to connect.

The second is the "from" address. This one is very obvious that it has nothing to do with the IAS. Sometimes they are more subtle, though. The "to" address is also suspicious. Why doesn't it say my email address @ias.edu?

Lastly, if you hover over the link it does not take you to an IAS page. All these things together should help you identify that this is a false message. If you have a suspicion, contact your helpdesk for more information before you act on the message. Remember, there should not be an urgency in email, or if there is, you should feel empowered to take your time to respond.

For more information, take a look at these following blog posts.

Phishing
Spotting a scam email (aka a phish)
October 2022 Security Awareness Seminar for this and more tips on keeping yourself secure.

Thank you and safe computing!

Brian Epstein
Institute for Advanced Study
Chief Information Security Officer

Blog