Introduction
How to make sure that you are logging into a valid Amherst College web service, and not to a phishing website that copies the look of the Amherst site in order to steal your username and password.
Note
If you suspect that you have received a phishing email, please forward it to phishing@amherst.edu. We track all phishing attempts and actively block links to fraudulent websites.
Instructions
Because of our high-bandwidth Internet connection, access to an Amherst College mailbox is prized by spammers and other criminals, so you will receive email messages throughout your time at the College that will attempt to trick you into entering your Amherst login information on a non-Amherst login page, thus compromising your account. This process is called "phishing."
Given that the world is full of slimy creeps who want to steal your Amherst login credentials, so how do you tell whether the login page you are presented with is legitimate? The answer is in the URL.
If you are logging in using a phone, you may need to drag down your browser window to see the URL of the login page. Just remember the phrase "Don't be a clown; pull down." You may also need to rotate your phone to see enough of the URL to tell whether it is legitimate. Get into the habit of always doing so.
The first characteristic of a legitimate Amherst login page is the lock icon and the https: prefix(1). If the URL of the login page doesn't have the lock or only uses the http: prefix, do not enter your username and password.
Next you need to examine the text between the double slash marks and the first single slash mark(2). The text in this area can vary, but what cannot vary is the last item before the first single slash: It must be ".amherst.edu"(3) and nothing else.
Thus, the URL of a legitimate Amherst login page always adheres to the following format:
(lock icon) https://<variable text>.amherst.edu/<variable text, possibly including other slash marks>
If the page you're logging into doesn't conform to the above, don't log in.
To report a phishing email, please forward it to phishing@amherst.edu.
And get used to checking out the URL of any online service (bank, credit card, social media) that you log into.