To report a suspicious email saying it's from the University of Hawaii and asking for confidential information:
FIRST: Check to see if the phishing attempt has already been reported by looking at the Security Alerts listing on http://www.hawaii.edu/its/
- If the suspicious email is claiming to be another organization, e.g., credit union, bank, etc., forward it to the abuse team of that company. There is no need to forward other company's phishing scams to firstname.lastname@example.org
- forward a copy of the message with full mail headers to email@example.com
[to get full mail headers, please see http://www.hawaii.edu/askus/895 ]
To prevent compromises:
- NEVER send your password or other confidential personal information in an email message, even in reply to a message that appears 100% genuine. No responsible entity requests information this way.
DO NOT REPLY to suspicious or spam mail. It just tells the spammers/hackers that they've hit a valid email address.
if you receive a message asking you to "reactivate your account" or "get more email quota", DO NOT click on the weblink and enter your username and password
make sure you're up-to-date with all operating systems (e.g. Windows) updates
make sure you're up-to-date with any anti-virus and anti-spyware updates
don't save passwords to your email account on your system, it might take a few more seconds to login manually, but it might save you hours of time cleaning up after a compromise
If you suspect that you are compromised...
This article is part of the Spam at the University of Hawaii