Information on how to spot phishing, examples of phishing emails and what to do if
you suspect a phishing attempt.
What is Phishing?
Phishingis an online attempt to gain sensitive information (login info, credit card details,
money, etc.) by pretending to be a trustworthy entity.
Spear Phishingis phishing that is targeted toward a specific individual or organization. Criminals
are targeting you and other members of the EU community with phishing schemes to trick
you into revealing your personal information and EU password. They are hoping to
gain access to your personal and financial information, as well as sensitive university
information and access to EU resources.
Learn to Spot Phishes
Malicious emails typically:
Use urgent language and may ask you to validate, verify or update your account.
Ask for personal information such as passwords, bank account numbers, user names and/or
credit card numbers.
May have grammatical, typographical, or other obvious errors.
Learn to recognize Phishy links:
With your mouse, hover over the link to see the actual address where the link is directing
Note the entire URL. Criminals may use pieces of legitimate URLs but not the exact
Not every e-mail you receive is a phish. In fact, you should expect your bank or
e-commerce vendor to send you legitimate e-mail, but how can you tell the difference?
Well, that is what the Phishing IQ test is all about - try it!
If you are questioning whether an email or web page is fraudulent, remember these
EU WillNeverAsk You to Validate Your Account or Provide Your Password in Email.
Compare examples of a fraudulent email and an email EU actually sends to people.
This Email is a Fraud
Clues that indicate this email is fraudulent:
It directs you to a non-EU website. With your mouse, hover over the link to see the actual address where the link is
directing you. In this case, the URL that the link goes to is an offsite location.
Do not click the link if it looks wrong to you.
It asks you to update your account or it will become inactive. EU will never ask you to validate or verify your account. EU accounts only become
inactive when you leave the University and are no longer eligible for them.
The "From" address is fake. Although it says, "Edinboro Information Technology", the actual email lists someone
at "msu.edu" as the sender. Beware, because criminals can forge the "From" addresses
to look real.
This Email is Safe
Clues that indicate this email is safe:
It does not ask you to verify or validate anything.
When you hover over the link, it directs you to our EU web page.
It does not ask you to click on a link to change your password.
If You Suspect a Phish
You can report suspicious emails:
Phishes that appear to impersonate an EU address or service. Phishing attempts will often impersonate EU communications. If a phish contains
an EU email address, EU logo or branding element, is addressed to students, faculty,
and/or staff, or uses other key words targeting our EU community, please report it.
Send the entire message with full email headers firstname.lastname@example.org.