Identifying Scam and Phishing Emails

Issue / Question
Tips for determining if an email is suspicious or a scam. 
  • How do I know if an email is fraudulent?
  • How can I tell if an email is a scam?
Environment
  • Platform
    • Email
  • Audience Affected
    • Faculty
    • Staff
    • Students
Resolution
 
Phishing is the process of trying to get private information from users such as passwords and credit card information by pretending to be another company or person. Some phishing attempts can seem to be legitimate, so when in doubt, reach out to the person or company independently using trustworthy information. In many cases, there are some signs to help you identify phishing attempts.
  1. Who is the sender?
    • Check the domain name (the part after the @ symbol, e.g. isu.edu). It may be misspelled, or otherwise incorporated in the email name, such as harrypotter.isu.edu@gmail.com. You won't receive an email from ISU from an email ending in @gmail.com.  All ISU emails end with @isu.edu. 
  2. Is the greeting generic?
    • Scam and phishing emails are often sent to many people at once, and will often use greetings like "Dear Student" or "Hello Customer".
  3.  Are there spelling or grammatical errors?
    • Sometimes the person who has sent the scam email does not have English as their first language. They may misspell words, or rely on autocorrect or translators that lead to strange phrasing that you wouldn't hear from a native speaker, such as "We detected something unusual to use an application", "a malicious user might trying to access", or "Please to contact Service Desk".
  4. Is it creating a sense of urgency?
    • Scammers don't want you to think about your actions, and so will often include phrases like "Act Now," "Hurry," or "Limited Availability." Because you are hurrying, you are more likely to give away information as you try to fix an emergency, or grab an opportunity. In addition, if the offer is strange coming from the sender, it's safe to question its validity.
  5. Beware of links and attachments!
    • Attachments may contain malicious software, i.e. malware, so you should only open attachments if you are confident of the legitimacy of the sender. When in doubt, reach out through another means of communication to confirm the email. Links in emails may also lead to fake websites. A good way to check links on a computer is to hover your cursor over the link, then look at the bottom left corner of your browser, which shows the web address of the link.  It should likely match the rest of the email. On a mobile device, you can check the URL by pressing and holding the link (not clicking). 
If you receive a suspicious email, you are always welcome to contact the ITS Service Desk (208-282-4357).  We can help you determine if it is legitimate or not.  

Please get in touch with the IT Service Desk for additional assistance.
 (208) 282-4357 or Go to chat

Details

Article ID: 143007
Created
Fri 4/29/22 2:22 PM
Modified
Wed 12/21/22 9:21 AM