Phishing & Suspicious Email
Information on how to spot phishing, examples of phishing emails and what to do if you suspect a phishing attempt.
What is Phishing?
Phishing is an online attempt to gain sensitive information (login info, credit card details, money, etc.) by pretending to be a trustworthy entity.
Spear Phishing is phishing that is targeted toward a specific individual or organization. Criminals are targeting you and other members of the EU community with phishing schemes to trick you into revealing your personal information and EU password. They are hoping to gain access to your personal and financial information, as well as sensitive university information and access to EU resources.
Learn to Spot Phishes
Malicious emails typically:
- Use urgent language and may ask you to validate, verify or update your account.
- Ask for personal information such as passwords, bank account numbers, user names and/or credit card numbers.
- May have grammatical, typographical, or other obvious errors.
Learn to recognize Phishy links:
- With your mouse, hover over the link to see the actual address where the link is directing you.
- Note the entire URL. Criminals may use pieces of legitimate URLs but not the exact thing..
Not every e-mail you receive is a phish. In fact, you should expect your bank or e-commerce vendor to send you legitimate e-mail, but how can you tell the difference? Well, that is what the Phishing IQ test is all about - try it!
Phishing IQ Test
Phishing Examples: What to Watch For
If you are questioning whether an email or web page is fraudulent, remember these two points:
- EU Will Never Ask You to Validate Your Account or Provide Your Password in Email.
- Compare examples of a fraudulent email and an email EU actually sends to people.
This Email is a Fraud
Clues that indicate this email is fraudulent:
- It directs you to a non-EU website. With your mouse, hover over the link to see the actual address where the link is directing you. In this case, the URL that the link goes to is an offsite location. Do not click the link if it looks wrong to you.
- It asks you to update your account or it will become inactive. EU will never ask you to validate or verify your account. EU accounts only become inactive when you leave the University and are no longer eligible for them.
- The "From" address is fake. Although it says, "Edinboro Information Technology", the actual email lists someone at "msu.edu" as the sender. Beware, because criminals can forge the "From" addresses to look real.
This Email is Safe
Clues that indicate this email is safe:
- It does not ask you to verify or validate anything.
- When you hover over the link, it directs you to our EU web page.
- It does not ask you to click on a link to change your password.
If You Suspect a Phish
You can report suspicious emails:
- Phishes that appear to impersonate an EU address or service. Phishing attempts will often impersonate EU communications. If a phish contains an EU email address, EU logo or branding element, is addressed to students, faculty, and/or staff, or uses other key words targeting our EU community, please report it. Send the entire message with full email headers to firstname.lastname@example.org.
- Contact the Technology Help Center.
Key Points to Remember
- Use caution with emails asking you for personal information.
- Be suspicious of any request for personal information.
- Verify that the request is legitimate before you provide any information.
- Do not send personal information via email.
If You Get Caught
If you gave personal information in response to a phishing email or on a suspicious web page, your account may be compromised.
- Change your EU password and follow the instructions under "Compromised Accounts". Do NOT set your password back to something you have used previously.
- Carefully review any online account that may be vulnerable as a result of responding to the message.
Recent Scam Alerts