Phishing/Spam Emails

Updated by Brian Vitarisi

What is Phishing?

Phishing is a type of cybercrime that involves the use of email or other communication that tricks users into disclosing sensitive information such as passwords and account numbers. Phishing is usually done through email, ads, texts, or sites that look like they are from a legitimate organization. For example, a phishing email might look like it is from your bank and ask you to give them information about your bank account.

Phishing emails or sites might ask for:

  • Usernames and passwords, including password changes
  • Social Security numbers
  • Bank account numbers
  • PINs (Personal Identification Numbers)
  • Credit card numbers
  • Your mother’s maiden name
  • Your birthday

Important: BPS, Google, or Gmail will never ask you to provide this type of information in an email.

4 Tips to Avoid Being Phished

  1. Verify that the sender's email address is legitimate and belongs to the organization that the email claims to come from. If you are unsure, contact the organization through other known means (such as calling Customer Service through a publicized number) and confirm that the email was legitimate. Never reply to the sender.
  2. Beware of any emails that ask for sensitive information such as your account number and password, or that contain a link asking for that information. Never click on links in a suspicious email as they may take you to malicious sites.
  3. Many phishing emails convey a sense of urgency. Be careful when you see messaging with deadlines such as: "Your account will be deactivated if you do not respond within 24 hours."
  4. If the email sounds too good to be true, such as winning a prize that you have never applied for, it is a red flag.

What do you do if you notice a phish?

  1. Report it. If you receive a suspicious email that asks for personal information, please report the email by clicking the "Phishing Hook" or the three (3) dots next to the reply button and selecting "Report Phishing" or "Phish Alert". This will alert BPSTechnology that the email sender is a scammer and move future emails to the "Spam" folder in Gmail.
    Screenshot showing phish reporting
  2. Do not click on links or download any attachments in a suspicious email.
  3. Never reply to a suspicious email.
  4. Delete the email to avoid accidentally opening it in the future.

If you are unsure, please contact the BPSTechnology Service Desk at 617-635-9200.

Other Precautions to Take

  • Log out of your Google account on all devices it is currently logged in to. You can do this easily from your Gmail inbox. When you are looking at your Gmail inbox, scroll all the way to the bottom of the window and click on the "Details" button in the lower right corner.
    Once you click on "Details," a window will appear that shows all activity on your account. Click "Sign out all other Gmail web sessions." This will log out every device except for the one you are currently using.
  • Change your password. Log in to access.boston.gov with your BPS ID and password and navigate to "Change my password" under Account Tools, or click the "Forgot Password" link on the login page.
  • Change passwords for personal accounts such as banks and personal Gmail accounts.
  • Use two-factor authentication whenever available. Two-factor authentication requires you to verify logins through at least two methods (such as a password and a code sent to your phone).

Resources to Share
