What are phishing and spoofing emails?
Phishing emails are an attempt by thieves to lure you into divulging personal and financial information, for their profit. They pretend to be from well-known legitimate businesses, and look as if they actually are. They use clever techniques to induce a sense of urgency on your part so that you don't stop to think about whether they are legitimate or not. You can learn to know what to look for and where to report these scams when you find them.

Email Spoofing is when the sender address and other parts of the email header are altered to appear as though the email originated from a different source, often one that you may know. When combined with phishing it is especially dangerous.

Spear Phishing emails are a special type of phishing email targeted to a select group of users (e.g., accountants, faculty). These emails tend to be more specific than a regular phishing email, including information more detailed and familiar to the recipient. As with standard phishing emails, these messages often include a request for personal information and a notification of account suspension or closure for failing to reply.

If you suspect that you have received a phishing email:
  • Mark it as spam to train Gmail to recognize it as such.
  • Do not respond to it or click on the links.
  • Delete it.

6 Ways to Recognize Phishing
  1. Generic greeting
    For example, "Dear customer" or “Dear faculty member” instead of using your name.
  2. Sense of urgency
    May include an urgent warning requiring your immediate action.
  3. Account status threat
    May include a warning that your account will be shut down unless you reply.
  4. Spoofed email address
    The sender's email address may be spoofed (forged), even if it looks legitimate.
  5. Forged links to Web sites
    There is often a link to a web site to "fix" your account. These are often forged.
  6. Requests for personal information
    It may ask for login and password information, either in the email or from a link.

Remember, NEVER reply to an email message requesting personal information. Reputable organizations will never ask you to send your login or private information to them via email. You should always be wary of unexpected messages requesting personal information. If you are unsure whether an email message about your account is a phishing email or not, call the organization directly to determine the status of your account.

keywords: safe computing, safecomputing