Spoofed messages are a kind of spam designed to look like they originated from a person or organization you could be familiar with. A spoof could also be a message that looks like it was meant for someone else but was sent to you by accident, or a returned email that appears to have originated with you but contains a message you didn’t send.

Many spoofed messages are harmless. However, a message designed to get you to provide personal information, or download software that will steal that information from you — a tactic often referred to as “phishing” — is a particularly dangerous kind of email spoof.

Boston University will never ask for your login and password information via email.

A popular phishing technique asks you to reply to a message and send your password. As an example, you could receive a message claiming to be from some seemingly official (but non-existent) entity, e.g., “The BU.EDU Upgrade Team,” saying that the mail system is being upgraded and your account will be deleted unless you respond immediately and provide your password. Please keep in mind that Boston University will never ask for your login and password information in this format.

Don’t follow links, and never provide personal information.

You should never follow links offered to you in unsolicited mail or provide any personal or financial information, just as you wouldn’t when you receive an unsolicited phone call. This should be your guideline no matter how tempting, frightening, or persuasive the mail seems. Remember that, given an awareness of the problem of phishing, legitimate companies won’t use this method of approaching you. If you do feel compelled to respond, don’t use the email message to do that. Go directly to the legitimate website of the sender (PayPal, for example) and log in there.

Don’t open attachments that you weren’t expecting.

Many viruses are designed to send out spoofed email messages. This message could be originating from any infected PC in the world which happens to have your address in a file (e.g., the address book) or which happens to have auto-generated your address in some fashion. Some, although not all, of these messages will come with an attachment designed to spread the virus to you. Viewing such an attachment puts your computer at risk.

If it’s too late…

If you responded to a suspicious email message and provided your password, you should immediately change your password and scan your computer for spyware and viruses. Depending on what information you provided, you may also need to take steps to protect your credit card and bank information.