Don't Be Fooled By Messages Asking For Your Caltech Username And Password

Many campus users are receiving email claiming to come from an IT support group (sometimes even IMSS or the Help Desk), asking for the user's password and other private information, or requesting that you "verify your account" by logging into a website. Please be aware that this is a form of security attack known as "phishing" designed to fool users into giving their usernames and passwords to an attacker. Please do not reply to these messages or visit any websites they may refer to. IMSS does not recommend providing usernames and passwords by email, and IMSS will never ask users for their passwords by email or by phone under any circumstances. When visiting a website, be sure to check the address bar on your browser to confirm that the site you're visiting is the one you were expecting. If you receive any confusing or worrisome email messages about any of your Caltech accounts, we strongly recommend contacting the IMSS Help Desk (395-3500 or [email protected]) or your local system administrator. In the event that your password is exposed to an attacker, please be sure never to use that password again, for any purpose, and particularly never for the account it once belonged to.