Olin Business School at Washington University in St. Louis | Groups

Spam & Phishing

Spam and Phishing are two types of unwanted email that you will encounter. The information here will help you identify and respond when it shows up.

What is Spam?

Spam is unsolicited mail that is primarily advertising. It isn't usually malicious, but it can be annoying, and it's not something you asked for or agreed to receive.

What is Phishing?

Phishing is an attempt (usually via email) to trick you into providing personal and confidential information such as passwords, Social Security numbers, credit card numbers, etc. They cam also direct you to install malware on your computer by asking you to click on links and run software.

You can often identify phishing messages by the following:

  1. The email is an unexpected request from a financial institution, government agency, corporation, or even from someone at the University.
  2. The message asks for an urgent response.
  3. There are often numerous spelling and grammar errors.
  4. The message asks you for your password, a credit card number, or bank account information.
  5. The message asks you to click on a link that is an unknown or strange address.

Protect yourself against phishing fraud and malicious files

The Information Security office at the University has some advice for how to protect yourself against phishing and malware:
  1. Don't Share your Secrets - Never give out your passwords, credit card information, Social Security number or other private information through email. Even if the email seems authentic or alarming, do not reply.
  2. Don’t click - Instead of clicking on a link in a suspicious email, check the address first. Even though a website and/or URL in an email looks real, criminals can mask its true destination.In Outlook you can place your mouse over a link (don't click) and it will show the real address. If it looks suspicious, you don't want to click it.
  3. Pick up the phone - If you have any reason to think that a department or organization really needs to hear from you, call them to verify any request for personal or sensitive information. Emails that say “urgent!”, use pressure tactics or prey on fear are especially suspect. Do an online search for a contact phone number or use the contact number published in the WUSTL directory.
  4. Use secure websites - Always check if you are on a secure website before giving out private information. You can determine whether a website is secure by looking for the “https://” rather than just “http://” in the Web address bar or for the small lock icon in the Internet browser.
  5. Pay attention to security prompts - If your browser cannot validate the authenticity of the website’s security certificate, you will be prompted. This is frequently a telltale sign of fraud and would be a good time to pick up the phone or report a suspicious message.
  6. Keep track of your data - Regularly log onto your online accounts and make sure that all your transactions are legitimate. Review your bank and credit card statements every month for strange charges. Most credit cards allow you to logon and setup alerts. Consider setting up an alert for charges of any amount so that you know immediately when your card is being used.
  7. Ask for Help - If you are a victim of an email scam, report it to your IT department, the ISO or HIPAA Privacy Office. Ask them if you have questions. They're here to help.
  8. Change your Password - Reset any account passwords that may have been compromised.

Reporting Spam and Phishing Messages

For more info about how to report spam, phishing, and non-junk email, check out the Report Spam & Phishing page.


Antivirus refers to the products and technology used to detect malicious code. Antivirus software can help prevent malware from infecting your system and remove malicious code that has infected the system.

For Microsoft Windows, we recommend that you use the built-in malware protection provided by Windows Defender. Third party antivirus software can often cause more issues than it solves, and the Microsoft product does a good job of protecting systems.

The most important thing you can do is to keep your system up-to-date and stay up-to-date with Windows Updates that are released each month. Mac Users should also stay up-to-date with any MacOS updates and as well as applications updates such as for Microsoft Office.