Identifying Suspicious Emails (Phishing)

Identifying Phish Emails

If you are not expecting an email, if the email seems like they are rushing you to do something ASAP or if it just seems suspicious take a minute to do the below steps.

  1. Hover over the link(s) in the email to see the actual web address. With real phishing emails, this will have a web address that will look incorrect and bring you to a malicious website.
  2. Verify with the department if the sender of the email is legitimate.
  3. Check the sender’s email address.  Sometimes the sender Display Name will show as legitimate, but the actual sender’s email address will be illegitimate.  For example, sender might show Fernando, Kesh <phishman@gmail.com>, whereas the true sender resembles Fernando, Kesh <fernandok@sacredheart.edu

5 Step Protection Guide

  1. Stay skeptical: Treat all unsolicited messages from unknown senders with caution, especially if they request sensitive information or prompt you to click on suspicious links.
  2. Verify the sender: If you receive an email or text message claiming to be from a particular organization or individual, verify its legitimacy independently. Use official contact information from trusted sources, such as their official website or customer support hotline, to confirm the authenticity of the message.  Please keep in mind that SHU IT will never send emails or texts asking for your password or 6 digit code.
  3. Do not click on links: Avoid clicking on links within emails or text messages, as they may lead you to malicious websites designed to collect your personal data or install harmful software on your device.
  4. Protect your personal information: Never share sensitive information, such as passwords, credit card details, or social security numbers, via email or text message.  Do NOT provide your password or 6 digit code to anyone.
  5. Report suspicious messages: If you receive a phishing email or text message, promptly report it to IT Security using the Phish Alert Button (PAB), you can also forward spam and scam texts to 7726 (SPAM) which is the spam reporting service run by the mobile industry.
Print Article