Identifying Scam and Phishing Emails

Introduction

Tips for determining if an email is suspicious or a scam. 

Body

Phishing is an attempt to obtain private information from users, such as passwords and credit card information, by pretending to be another company or person. Some phishing attempts seem legitimate, so when in doubt, reach out to the person or company independently using contact information you already trust. In many cases, there are signs that help you identify phishing attempts.
 
  1. Who is the sender?
    • Check the domain name (the part after the @ symbol, e.g., isu.edu). It may be misspelled, or the legitimate name may be incorporated into the part before the @ symbol, such as harrypotter.isu.edu@gmail.com. You won't receive an email from ISU from an address ending in @gmail.com. All ISU emails end with @isu.edu.
  2. Is the greeting generic?
    • Scam and phishing emails are often sent to many people at once and often use greetings like "Dear Student" or "Hello Customer."
  3. Are there spelling or grammatical errors?
    • Sometimes, the person who has sent the scam email does not have English as their first language. They may misspell words or rely on autocorrect or translators that lead to strange phrasing that you wouldn't hear from a native speaker, such as "We detected something unusual to use an application," "A malicious user might trying to access," or "Please to contact IT Service Desk."
  4. Is it creating a sense of urgency?
    • Scammers don't want you to think about your actions, and so will often include phrases like "Act Now," "Hurry," or "Limited Availability." Because you are hurrying, you are more likely to give away information as you try to fix an emergency or grab an opportunity. In addition, if the offer is strange coming from the sender, it's safe to question its validity.
  5. Beware of links and attachments!
    • Attachments may contain malicious software, i.e., malware, so you should only open attachments if you are confident of the sender's legitimacy. When in doubt, reach out through another means of communication to confirm the email. Links in emails may also lead to fake websites. A good way to check links on a computer is to hover your cursor over the link and then look at the bottom left corner of your browser, which shows the web address the link actually leads to. It should match what the rest of the email leads you to expect. You can check the URL on a mobile device by pressing and holding the link (not clicking).
You can always contact the IT Service Desk if you receive a suspicious email. We can help you determine if it is legitimate or not.
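
Checks 1 and 5 above can also be applied mechanically, for example when triaging a reported message. The following Python is an added example, not part of the original article or an ISU tool; the function names and the sample message are constructed for illustration, and it assumes that links in a genuine ISU email point to isu.edu or one of its subdomains.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "isu.edu"  # the article: all ISU emails end with @isu.edu

def sender_check(from_header):
    """Check 1: judge only the part after the last @, never the name before it."""
    _, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    if domain == TRUSTED:
        return "ok"
    if TRUSTED in local:
        return "lookalike: isu.edu appears before the @, real domain is " + domain
    return "not an ISU address: " + (domain or "unparseable")

class _Links(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.found, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.found.append((self._href, "".join(self._text).strip()))
            self._href = None

def off_domain_links(html):
    """Check 5: return (visible text, real host) for links that leave isu.edu."""
    parser = _Links()
    parser.feed(html)
    out = []
    for href, text in parser.found:
        host = (urlsplit(href).hostname or "").lower()  # what hovering would reveal
        if host != TRUSTED and not host.endswith("." + TRUSTED):
            out.append((text, host))
    return out

# Constructed sample, not a real message; example.net is a reserved test domain.
FROM = '"ISU IT Service Desk" <harrypotter.isu.edu@gmail.com>'
BODY = ('<p>Dear Student, act now: <a href="http://isu.edu.example.net/login">'
        'www.isu.edu</a> or visit <a href="https://www.isu.edu/">ISU</a></p>')

if __name__ == "__main__":
    print(sender_check(FROM))
    print(off_domain_links(BODY))
```

The first link in the sample displays www.isu.edu but resolves to a host that merely begins with isu.edu, which is why the comparison is made on the end of the host name rather than on whether the trusted name appears anywhere in it.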
 

Contact ITS if you need additional assistance