Skip to content

Phishing & Spam

Reporting

Please report suspected bad mail to mailabuse@drexel.edu as per Drexel IT's instructions for reporting Scam or Phishing emails. CTS does not control mail flow nor spam/phishing filtering, so there is no need to send copies to us when reporting.

Safety Tips

Drexel IT maintains some useful tips for protecting yourself from potentially malicious emails:

  • NEVER EVER give anyone your password. Doesn’t matter who asks or why.
  • Avoid opening unsolicited attachments. Scammers use them to transfer malware or viruses.
  • Be wary of social engineering. Scammers scrape personal information from the Internet and use it to impersonate friends or authority figures.
  • Don’t blindly click links. Hover over the link with your mouse and verify that the link matches the text.
  • If you do click an unsolicited link, and it takes you to a sign-in page, DON’T sign in.
  • If it sounds too good to be true, it probably is.

Outlook 365 Advanced Threat Protection (ATP)

All Drexel email is routed through Microsoft ATP services to scan for malware and common phishing attempts before being delivered. Once the message is delivered, any attachments will be shown as a placeholder while the file is scanned in the background. The attachment will then become available once the scan has completed, assuming it hasn't found any issues.

Links in emails are also rewritten so that they pass through Microsoft's scanners once their clicked. This rewriting, however, has the effect of making all links in emails appear suspicious because of how the service obsfucates the actual address. We've come to understand that Microsoft is working to address this in future releases of Outlook.

Decoding 'protected' URLs

If you're unsure of where an address will take you, you can copy and paste the full URL from Outlook into the top textbox at o365atp.com which will show you the decoded URL underneath.