Send your password? Never!
Phishing e-mail—you may have heard of it or even received some. It is a phony message crafted to appear as if it is coming from a bank, a commercial enterprise, or a Princeton organization such as OIT or the Credit Union. These messages request that you send personal information or your password to verify your account. Sometimes the message even threatens to end your service unless you do so.
These phishing scams can trick you into providing your Princeton account and password, or personal information like your Social Security number or bank account details. The e-mail can look and sound very official, often including the organization’s logo and an e-mail address that appears to be legitimate. They may even appear in your quarantined messages and look as if it was sent from someone at Princeton; don't trust or release messages that have been marked as spam and quarantined.
No reputable organization will ever ask you to send personal credentials or your password. This includes OIT, the Credit Union, and your bank. So, don’t send it! You should also never click or copy a web link, nor call any phone number that may be included in these phishing e-mail messages. If you have a question about any such request, call the apparent sender, using a phone number that is published in your customer service information or on the organization’s public website.
Remember: if anyone asks you to send your password, DON’T SEND IT! When you receive such messages, follow safe computing practices. Delete them without any interaction and keep your accounts, your personal information, and Princeton’s systems and data secure.
For more information about phishing, see the IT Security article, "Protect yourself against "phishing" for your IDs, passwords and other personal information."