5 Easy Ways to Identify a Phishing Email

March 9, 2016 / By: Information Technology Services

Have you recently been alerted your account will expire? Perhaps you’ve been alerted that someone has accessed your account without your permission and need to click on a link and verify your information.

The St. Thomas community has been receiving phishing emails like this recently.

Phishing emails are attempts by identity thieves to bait you into providing personal information that is often used for malicious purposes. They are usually easy to detect, but phishers have started to use more intricate techniques to confuse potential victims.

Learn 5 easy ways to identify a phishing email:

1. Look at the email address not just the sender

Sometimes an email will look like it is coming from IT, the Help Desk, or even your bank. If you look closely at the email address next to the name of the sender, it often reveals an email address that is not even closely related. All St. Thomas emails end in @stthomas.edu. Legitimate organizations do not ask you to supply your personal information via email. If you are concerned about a suspicious email, contact the Tech Desk. 

2. Urgent action required

Phishers and hackers use scare tactics to bait users into clicking links or providing their username and password. If you see an email that tries to get you to take action such as "your account will be deleted if you don't respond" or "click here NOW to upgrade your account," then you can bet it is a phishing email. If the tone of the email seems threatening, contact the Tech Desk directly to verify its authenticity.

3. Typos and improper grammar

Check for misspelled words and grammar mistakes. This is a quick and easy way to spot if it is a scam. 

4. St. Thomas NEVER asks for your personal information via email

Impersonal use of language like "Dear user" can also clue you in. While it is true that your email expires after you no longer a student or employed by St. Thomas, you still will never need to take any action. This is an automated process and your account itself lasts forever to allow you access into Murphy Online. You can learn more about this process on our student account and faculty/staff accounts page.

5. What website does it lead to?

If it asks you to click a link, pay attention to where it is trying to take you before you click. You can hover over links before you click on them. Does it lead you to the correct site? Is the website URL misspelled? Does it look like it is going to bring you to a different site completely? Phishers often setup fake websites with similar names, but if you take a moment to hover before you click it will help you identify the scam. 


What do I do if I receive a phishing email?

The safest thing to do is delete the message immediately. Do not click any links from untrusted sources and do not provide your username or password. If you give away these credentials, reset your password immediately and contact the Tech Desk.

Other precautions:

  • Don't open attachments from unknown senders - In hopes that you will open a file out of curiosity, hackers often attach malicious files with viruses to their emails. Never open an attachment from an untrusted sender.
  • Watch out for too many "FREE" offers - If it seems too good to be true, it probably is.
  • Keep your email for St. Thomas purposes only - When it comes to email for personal use, we recommend using an alternative account such as Gmail, Yahoo, Hotmail, etc. This helps promotions and ads out of your email and can decrease your spam.
  • When in doubt, always contact the Tech Desk - we can help you determine if this is a malicious email.