Skip to end of metadata
Go to start of metadata

Phishing is an attempt to acquire account-sensitive information by a seemingly trustworthy entity through means of some electronic correspondence.

Recognize Phishing Messages

If you suspect an e-mail to be a phishing attempt, consider the following:

  • Request for Personal Information - legitimate companies should never ask you to provide your username, password or bank account information by replying to an email message or clicking on a link within a message. Just don't do it!
  • Urgent/Threatening Language - phishing messages are intended to alarm and often contain threats if you don't take immediate action. "You MUST click on this link or your account will be canceled" is an example.
  • The Greeting - Look at the message greeting. Some fake messages use general greetings like "Dear Webmail User," "Attention Citibank Customer," "Paypal Member," or no greeting at all. While not always obvious, the greeting might provide a hint.
  • URL's Don't Match - place your mouse over the link in the message. If the URL displayed does not match the text of the link, or the business or organization mentioned -- run, it's probably fake.
  • Look at the Sender - this is more difficult because it's easy to disguise the sender's address -- but if the message is warning about your SPU webmail account, and the sent address is from another campus or business, the message is probably fake.
  • Avoid the Obvious - phishing messages that contain misspellings, poor grammar and/or punctuation errors are dead-giveaways. If you don't have a Citibank credit card, don't respond to those messages.
  • Watch for Attachments - some phishing messages include attachments that contain malicious code. Don't open email attachments that you aren't expecting.

Remember, SPU will NEVER ask for your password via email.

Manage Phishing Messages

  • If you receive what you believe to be a phishing e-mail, you may delete the e-mail.
  • If you believe an account to be compromised as a result of phishing, immediately change the account password and monitor the account for any suspicious activity.

Phishing Examples

Example 1: Storage alertsExample 2: System upgradeExample 3: Direct Deposit/ Personal Financial Information

Presentation on a Recent Phishing Attempt: