1. Check the Sender’s Email Address
- Look at the full email address of the sender. Review the domain (the part after the “@” symbol).
- Example of a valid ISU email:
username@isu.edu
- Note: All official ISU emails come from addresses ending in
@isu.edu.
- Watch for misspellings or misleading formats.
- Example:
harrypotter.isu.edu@gmail.com is not an ISU email.
2. Look at the Greeting
- Check how the email addresses you.
- Be cautious of generic greetings such as:
- “Dear Student”
- “Hello Customer”
- Note: Legitimate ISU emails often use your name.
3. Check for Spelling and Grammar Issues
- Read the message carefully.
- Look for:
- Misspelled words
- Unusual phrasing
- Poor grammar
Examples of suspicious phrasing:
- “We detected something unusual to use an application”
- “A malicious user might trying to access”
- “Please to contact IT Service Desk”
4. Watch for Urgent or Threatening Language
- Identify if the message pressures you to act quickly.
- Be cautious of phrases such as:
- “Act Now”
- “Hurry”
- “Limited Time”
Warning: Urgent language is often used to make you act without thinking.
5. Be Careful with Links, Attachments, and Calendar Invites
- Do not open attachments unless you trust the sender.
- Be cautious when clicking links in emails.
To check a link on a computer:
- Move your cursor over the link (do not click).
- Look at the web address displayed in your browser.
- Confirm it matches the expected website.
To check a link on a mobile device:
- Press and hold the link (do not tap).
- Review the preview of the web address.
Note: Phishing attempts may also come through calendar invitations with malicious links.
How to Report Phishing Emails
Report a Suspicious Email in Gmail
- Open your web browser.
- Go to Gmail.
- Open the suspicious email.
- Select the three-dot menu next to the Reply button.
- Select Report phishing.
Report a Suspicious Calendar Event
- Open the calendar event.
- Select the three-dot menu.
- Select Report as spam.