Phishing - How to Spot a Phishing Email
A description of what to look for in a phishing email.
The first rule is if you are not sure about a link in an email, do not click the link or respond to it. Ask somebody else or even contact the Eagle Help Desk to see if the email is valid.
Phishing is when someone is trying to obtain your confidential or financial information. It may be an email from someone claiming to be a friend asking you to wire money to a far off country or someone claiming you won money, but they need your financial account information to deposit it.
- Phishing emails will usually have bad grammar, poor spelling or even odd formatting. They often contain links, images, and attached files that they tell you to click on. Or, the phishing emails may try to engage in a conversation with you in order to get you to take an action, like buy gift cards for you to share with them or sharing personal information with them.
- Tip: Look closely for misspellings, and identifiers of mismatched upper and lower case letters. An example of this might be UwLaX.
- UWL emails will usually contain official logos and signatures, so be careful of any suspicious logos and signatures within these emails.
- Note: Phishing emails are becoming much more sophisticated. An official logo does not guarantee the e-mail is valid.
- Phishing emails will most likely have been sent from non-university email accounts, so always double check the sender of the suspicious email, even if the email signature looks legit.
- Don't fall for threats and be cautious of emails stressing urgency which appears unfounded. If the email says anything similar to “Your account will be shut down if you don’t respond” or “Your computer has a virus. Click here to remove the virus,” then don't click on it.
- When using your smartphone, be extra careful and cautious when opening emails you’re not certain about. Stop, wait, and go to your computer to ensure the links are valid. You can always hover over the link with your mouse (without clicking) to determine if it’s valid. Be cautious of suspicious attachments.
- Tip: Look at inconsistencies in email addresses, incorrect order of characters, or URLs which have added characters or numbers. For example. www.uw1ax.edu or uwlax.@edu.
- If you are unsure if the email is from someone you know, then check with the source directly to find out the validity of the email.
- If the message is too good to be true, it typically is.
- System updates do not come via email.
- Please note: Information Technology Services (ITS) will never ask you for your password. If you receive any request for your password, then please delete it immediately without a reply.
Examples of Phishing Emails:
Bottom line: If you are unsure of the validity of an email, do not click on any of the links.