CU Home Help
Columbia University Information Technology
 Service Alerts
 CUIT Service Catalog
 Get Help Now
 Manage My UNI
 Services Overview
 Network Overview
 Labs & Classrooms
 Network Use Policy
 About CUIT
 CUIT Home

E-mail & Computing
Phishing Scams and Spam

Be skeptical and avoid phishing scams.

Always be skeptical, especially of things that are free. Chances are, you didn't just win a lottery without buying a ticket, and a foreign oil magnate is not going to give you ten million dollars for laundering his money. These types of "phishing scams" seem to be spreading more frequently and are becoming more intelligent.

Now, scammers send email claiming to be from a bank or some other trusted online institution and beg, cajole, or threaten us to give them our account numbers and PINs. They even can include links to webpages that look exactly like the real thing. If you ever receive a message like this, and you think it may be legitimate, bring up your web browser and type the URL that you are already aware of. Don't trust the email message to contain any valid information, and don't follow links to modify your online accounts.

When you're downloading free software from the Internet, make sure you read the fine print. Lately, it seems more and more companies are giving away "free" services or software on the condition that you agree to have all of your Internet activity monitored and the results sold. So be careful out there. The days when you could safely agree to anything are long gone, if in fact they ever existed at all.

Even though CUIT carefully maintains filters that prevent most spam from reaching inboxes, phishing scams are more likely to get through. These messages look very legitimate to scanning software. If you'd like, you can set up a personal spam filter online that is less tolerant than the one used by the whole University. Follow the link below for more information.

CUIT filters out executable and archived (or "zipped") attachments, so it's extremely unlikely that a virus will ever be sent to your Columbia account. Other accounts on other servers, however, do not take this step. For this reason, always be suspicious of file attachments that are sent to you, even if you know the person sending it. Many worms will send themselves to everyone on a given machine's contact list. Others misrepresent their origins by changing (or "spoofing") the email address of the sender.

Instant messenger networks are vulnerable to worms spreading through file attachments or links to infected websites. If you are presented with a file or a link, even if it is from someone you know, and you weren't expecting it, send a message back to get confirmation that it's safe.

If you use Columbia's email system, you can set up personal block lists and also adjust the tolerance of your spam filter by visiting or by clicking the Account Management link below.

Recognizing and Avoiding Email Scams

Manage Your UNI Account

Anti-Phishing Working Group


To reach this page quickly in the future, use the keyword phishing.

Reporting Security Problems

Send reports of security incidents, attacks, or questions to