Identifying Legitimate SSCC Email

The SSCC is regularly subjected to "phishing" attacks, where criminals try to trick members into revealing their SSCC usernames and passwords by sending email claiming to come from the SSCC. (They then typically use the victim's SSCC account to send spam.) SSCC staff use the following procedures so that you can identify legitimate email from us:

All legitimate email from the SSCC, including automated messages, will contain the personal name of an SSCC staff member. Visit our SSCC Staff page for a list of SSCC staff members. Legitimate SSCC email will not come from "the team" or a similarly generic term.

Important announcements, like the annual account renewal announcement, will be digitally signed. If your email program can check digital signatures, you can verify that the message was sent by us. We are aware that most web mail programs cannot check digital signatures. Unfortunately many of the tools we use, including our help desk software, cannot sign messages either. Thus it is not the case that if a message is not signed it is not from us. But if it is signed and you can verify that the signature is valid, you can be sure that it is from us.