Below are things you can look for in your email when you suspect a message may be phishing.

Check the Address

 If the email appears to come from a legitimate organization but they "FROM" address is someone’s personal account, such as @gmail.com or @hotmail.com, this is most likely an attack. Also, check the "TO" and "CC" fields. Is the email being sent to people you do not know or do not work with?

Check the Greeting

Be suspicious of emails addressed to "Dear Customer" or that use some other generic salutation. If a trusted organization has a need to contact you, they should know your name and information. Also ask yourself, am I expecting an email from this company?

Look for Mistakes

Be suspicious of grammar, spelling and formatting mistakes; most businesses proofread their messages carefully before sending them.

Slam on Brakes

Be suspicious of any email that requires "immediate action" or creates a sense of urgency. This is a common technique to rush people into making a mistake. Also, legitimate organizations will not ask you for your personal information.

Raise an Eyebrow at that Link

Be careful with links, and only click on those that you are expecting.  Also, hover your mouse over the link. This shows you the true destination of where you would go if you clicked on it. If the true destination is different then what is show in the email, this is an indication of an attack.

Trash that Attachment

Be suspicious of attachments. Only click, on those you are expecting.

Don’t Quit Your Day Job

Be suspicious of any message that sounds too good to be true. No, you did not just win the lottery.

Phone a Friend

Just because you got an email from your friend/colleague/family does not mean they sent it.  Your friend’s computer may have been infected or their account may be compromised. If you get a suspicious email from a trusted friend or colleague, call them on the phone.

When in Doubt, ask I.T.S.

Forward suspect email to helpdesk@longwood.edu or abuse@longwood.edu

When reporting a phishing email it's best to include the Internet Headers with the message, so Infosec can verify where the message originated from.  Read more: Forwarded Messaging Headers, with screenshots and instructions.

 

Suspicious messages in your personal e-mail?

Schedule a quick tutorial with Infosec (infosec@longwood.edu) if you're interested in learning more!

Try these: