Here are a few guidelines:
1) Don't open email attachments unless you are expecting them. If a friend sends you an unexpected attachment or web link, make sure it's really from them.
2) Don't reply to requests to email your Carleton username or password to anyone. ITS will NEVER ask you for your password via email.
3) Beware of requests for personal information, including your name, username, password, etc.
Unfortunately, the people who send these "phishing" scam messages will continue to get better and better at fooling us. It's impossible to stay ahead of them - mostly we need to stay alert and react appropriately. It's everyone's job to practice safe email.
One thing you can do is to click the "Junk" button in your email program when you receive a spam email message. This will train Zimbra to help keep these messages out of your Inbox. (It's not foolproof, but it helps!)
As an example, here is an email message that was delivered to lots of folks on campus in May, 2011. This message has been annotated with a number of ways to indicate that it was NOT a legitimate message and did not originate from Carleton. Note that more sophisticated scams will appear more convincing.