Phishing

Phishing emails are designed to trick you into giving up personal information (passwords, Social Security number, banking information), clicking on a malicious link, opening a malicious attachment, or sending money for an unsolicited service. Unfortunately, many phishing attacks are not as easy to identify as the email scams perpetrated by everyone's favorite Nigerian prince. Modern phishing emails are often cleverly crafted to appear to be from legitimate organizations, such as Apple, Microsoft, UPS, or your bank.

How to recognize a phishing email

Phishing Example

  1. Pay attention to the sender's email address. The display name ("AppStore") may sound legitimate, but the actual email address will often indicate that the message is likely a scam.

  2. Beware of generic greetings (Dear Customer, Dear User). A legitimate company will usually address you by name.

  3. Phishing emails will often attempt to create a sense of urgency by warning you that your account will be suspended or deleted if you do not immediately respond by clicking a link or replying with your username and password. Avoid reacting hastily to any email.

  4. Hyperlink text can be manipulated to display something other than the link destination ("Confirm my account now", "www.google.com"). Hovering your mouse pointer over the text will display the link destination, and in some cases, this may confirm that the link is not safe. Keep in mind that web addresses are sometimes designed to trick you - note that "apple" is misspelled as "applle" in the example above.
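
The four checks in the list above, applied in Python to a constructed message. This is an added example, not part of the original page; the sample message, its domains, the wording patterns, and the expected_domain parameter are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real message); every name and domain in it is made up.
SAMPLE = """From: "AppStore" <billing@applle-support.example>
Content-Type: text/html

<p>Dear Customer, your account will be suspended unless you act immediately.</p>
<a href="http://applle-support.example/login">www.apple.com</a>
<a href="http://applle-support.example/confirm">Confirm my account now</a>
"""
WORDING = (("generic-greeting", r"\bdear (customer|user)\b"),  # hypothetical patterns
           ("urgency", r"\b(suspended|deleted|immediately)\b"))

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(value):  # hostname if value looks like a URL or bare domain, else ""
    if " " in value or "." not in value:
        return ""
    url = urlparse(value if "://" in value else "//" + value)
    return (url.hostname or "").lower().removeprefix("www.")

def phishing_signs(raw, expected_domain):
    """Return which indicators from the list above the message shows."""
    msg = message_from_string(raw)
    body, (name, addr) = msg.get_payload(), parseaddr(msg["From"])
    signs = [label for label, pat in WORDING if re.search(pat, body, re.I)]
    if addr.rpartition("@")[2].lower() != expected_domain:  # display name vs. real address
        signs.append(f"sender:{name} <{addr}>")
    parser = LinkCollector()
    parser.feed(body)
    return signs + [f"link:{text} -> {host(href)}" for href, text in parser.links
                    if host(text) and host(text) != host(href)]
```

Link text that is not itself a web address ("Confirm my account now") gives the comparison nothing to check, so the destination of such a link still has to be inspected by hovering over it.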

ITS recommends:

  1. Always check for signs that an email might be a scam.

  2. Only open email attachments if the message is from someone you know AND you were expecting to receive the email.

  3. Never click or copy a link in a suspicious email. If you are concerned and want to check on the account in question, open a web browser and type in the known web address of the site you intend to access.