Body
Overview
Email security risks include phishing, threats, spam, and scams, which can lead to data breaches, financial losses, and operational disruptions.
Here's a more detailed look at common email security threats:
Information
To understand the difference between these security risks, please review the table below:
| Type |
Description |
Risk to you |
Risk to Williams |
Action |
| Spam |
Unsolicited but benign |
Low |
Low |
Use Gmail's "Report spam" or "Block..." functions, Unsubscribe |
| Scam |
False pretense to defraud |
Moderate |
Low |
Use Gmail’s “Report phishing” function |
| Phishing |
Credential or PII capture/theft |
High |
High |
Use Gmail’s “Report phishing” function |
| Threat |
Threat of violence or offensive language |
Varies |
Varies |
Email css-dispatch@williams.edu and call x4444 |
This may seem like a lot, but we subconsciously classify email every day. We quickly understand that the sender, their tone, and the content included are consistent with a colleague or a supervisor, and trust that email to be legitimate. The table above should help guide you when dealing with the unsolicited items of unknown or questionable origin. Pro tip: Now is a great time to abandon using email clients, like the macOS Mail app and Microsoft Outlook, which may not offer the features listed above, have little to no built-in security, and can occupy a HUGE amount of your hard drive space unnecessarily!
Spam and Threats
Spam is unsolicited email from legitimate sources, like junk mail and catalogs you may receive in the actual mail. Spam intends to get a message out (like a sale or a new product release) but is not meant to trick you and is low-risk to you and the college.
Because of the lower risk, OIT will end monitoring the ‘spam@’ address by the end of October, 2024. Instead of sending your spam there, please use the “Report spam” function in Gmail, which automatically moves the message to your spam folder, and lets Google know it’s unwanted. You can also use the Unsubscribe link (required in legitimate spam) to stop future occurrences, and/or Block the sender.
If an email contains threats of violence or targeted offensive content please forward that email to css-dispatch@williams.edu and call x4444 to report this to Campus Safety.
Scams
Scams are usually emails from unknown senders, often spoof college personas, almost always include a sense of urgency, and are designed to steal from you. Student-facing scams often include offers of part time work (just send $500 for setup fee and equipment), but can take many shapes, including natural disaster relief donations, “free” pianos, welding equipment, or other goods. (You just have to pay for the shipping!) The “sextortion” scams may even include a Google Maps street view of your residence! Now even AI is being used to scam people: GenAI used to call a potential victim
When you receive a scam email, please use Gmail’s “Report phishing” feature and do not engage with the sender or provide any contact info in the message. The risk of a scam relates to the individual, but we don’t want people to get caught up in these, so we treat them as seriously as phishing. We’ve seen occasions where students, faculty members and staff have fallen for these.
OIT will review emails submitted via this method, and may take action up to and including removal from all recipients’ inboxes when necessary.
Phishing
Phishing attempts are usually emails from unknown senders, often spoof college personas, almost always include a sense of urgency, and are designed to steal your log in credentials. Often including links to fake login pages that have our logos and colors.
When you receive a Phishing email, please use Gmail’s “Report phishing” feature and do not engage with the sender or provide any contact info in the message. Sending replies or clicking links will indicate your email is active and the bad actors will continue to target your email address.
OIT will review emails submitted via this method, and may take action up to and including removal of the email from all recipients’ inboxes when necessary.