Identifying Scam and Phishing Emails

Issue / Question
Tips for determining if an email is suspicious or a scam. 
  • How do I know if an email is fraudulent?
  • How can I tell if an email is a scam?
  • Platform
    • Email
  • Audience Affected
    • Faculty
    • Staff
    • Students
Phishing is the process of trying to get private information from users, such as passwords and credit card information, by pretending to be another company or person. Some phishing attempts can seem to be legitimate, so when in doubt, reach out to the person or company independently using trustworthy information. In many cases, there are some signs to help you identify phishing attempts.
  1. Who is the sender?
    • Check the domain name (the part after the @ symbol, e.g., It may be misspelled or otherwise incorporated in the email name, such as You won't receive an email from ISU from an email ending in  All ISU emails end with 
  2. Is the greeting generic?
    • Scam and phishing emails are often sent to many people at once and will often use greetings like "Dear Student" or "Hello Customer".
  3.  Are there spelling or grammatical errors?
    • Sometimes the person who has sent the scam email does not have English as their first language. They may misspell words or rely on autocorrect or translators that lead to strange phrasing that you wouldn't hear from a native speaker, such as "We detected something unusual to use an application", "a malicious user might trying to access," or "Please to contact Service Desk".
  4. Is it creating a sense of urgency?
    • Scammers don't want you to think about your actions, and so will often include phrases like "Act Now," "Hurry," or "Limited Availability." Because you are hurrying, you are more likely to give away information as you try to fix an emergency or grab an opportunity. In addition, if the offer is strange coming from the sender, it's safe to question its validity.
  5. Beware of links and attachments!
    • Attachments may contain malicious software, i.e., malware, so you should only open attachments if you are confident of the legitimacy of the sender. When in doubt, reach out through another means of communication to confirm the email. Links in emails may also lead to fake websites. A good way to check links on a computer is to hover your cursor over the link and then look at the bottom left corner of your browser, which shows the web address of the link.  It should likely match the rest of the email. On a mobile device, you can check the URL by pressing and holding the link (not clicking). 
If you receive a suspicious email, you are always welcome to contact the IT Service Desk (208-282-4357).  We can help you determine if it is legitimate or not.  

Idaho State University (ISU) is transitioning from BengalWeb to MyISU and introducing a new, personalized MyISU Portal. For more information about the new portal, please visit the MyISU Information page. Need help? Contact the IT Service Desk at (208) 282-HELP (4357) or chat. 


Article ID: 143007
Fri 4/29/22 2:22 PM
Sun 11/5/23 4:18 PM