Because of our high-bandwidth Internet connection, access to an Amherst College mailbox is prized by spammers and other criminals, so you will receive email messages throughout your time at the College that will attempt to trick you into entering your Amherst login information on a non-Amherst login page, thus compromising your account. This process is called "phishing."

Given that the world is full of slimy creeps who want to steal your Amherst login credentials, so how do you tell whether the login page you are presented with is legitimate? The answer is in the URL.

If you are logging in using a phone, you may need to drag down your browser window to see the URL of the login page. Just remember the phrase "Don't be a clown; pull down." You may also need to rotate your phone to see enough of the URL to tell whether it is legitimate. Get into the habit of always doing so.

The first characteristic of a legitimate Amherst login page is the lock icon and the https: prefix⁽¹⁾. If the URL of the login page doesn't have the lock or only uses the http: prefix, do not enter your username and password.

Next you need to examine the text between the double slash marks and the first single slash mark⁽²⁾. The text in this area can vary, but what cannot vary is the last item before the first single slash: It must be ".amherst.edu"⁽³⁾ and nothing else.

Thus, the URL of a legitimate Amherst login page always adheres to the following format:

(lock icon) https://<variable text>.amherst.edu/<variable text, possibly including other slash marks>

If the page you're logging into doesn't conform to the above, don't log in.

To report a phishing email, please forward it to phishing@amherst.edu.

And get used to checking out the URL of any online service (bank, credit card, social media) that you log into.