SPAM, Phishing and Other Stories

Attackers are constantly testing to see if they can gain something from us - it could be information, money, credentials, or access. This can come in the form of SPAM (or junk mail), phishing (email or phone impersonation), or via social media or sharing sites. It is important that you stay aware of the risks, and question clicking links, answering emails, or giving information to an unknown, incoming phone caller.

What can be done to limit my risk?

The University is constantly trying to reduce the risks attributable to spam, phishing and other exploits.

University Anti-Spam efforts
University Phishing Awareness campaign
Forward SPAM or Phishing Email to spam@stanford.edu
The University has also added a "Phish Reporter Button" to Outlook
Pick a strong password for all your accounts and ensure the password for your SUNet ID is different than every other password you have
Stanford also provides free Dashlane Password Manager accounts to current faculty, staff, and students

What should I do if I've made a mistake and given up information or access?

If you accidentally replied to a scammer, visited a fake website, and/or may have supplied them with any of your personal information including email or password:

Change your SUNet ID password at accounts.stanford.edu
For a compromise of High Risk data, contact the University Privacy Office as soon as possible
For compromised user accounts or devices (or if you accidentally allowed someone to control your computer), submit a ticket to your local IT Support or to the University Information Security Office

Quick Links

NEVER CLICK ON LINKS in unsolicited email.
NEVER DOWNLOAD FILES from suspicious email.
NEVER GIVE OUT YOUR PASSWORD to anyone.
When in doubt, CHECK with TDS.

Find a doctor

Clinics & Services

Research Resources