The Information Security Group has been tracking emails messages reportedly coming from American Express to “verify a customer inquiry.” Many in the Brown community rightly identify these messages as phishing, but we wanted to provide this reminder in case you receive one. Always remember that no legitimate organization would ever ask you to send or input your ID and password.
Any such request is clearly a phishing attempt that is trying to get you to click on the link and hand over your credentials. Doing so can allow others to access your account. In addition, sometimes a keystroke logger or malware may be deposited on your computer that cause further headaches.
When you receive any phishing message, your should click the dropdown box next to the reply arrow in your Google account, and select ”Report phishing.” You can read more about phishing on ISG’s Phishing Primer page and keep up with reports of phishing at Brown in the Phishing & Malware alerts section of this blog.
If you did answer this (or any) phishing message, best practice dictates:
- You should change the password immediately (and if you use the same password elsewhere, change that as well).
- If the computer appears to working in an unusual way, or if slowness is observed, the action may have left malicious software on the computer, which should be removed as quickly as possible. You can follow the best practices steps on the ISG page Cleaning an Infected Computer, or contact your DCC or ITSC support person.