How to identify & deal with Phishing and Spam emails

What is Phishing?

Phishing is the act of attempting to attain information such as usernames and passwords by masked as a trustworthy entity in an electronic communication.

What purposes are phishing techniques used for?

  • Try to trick or fool you into taking an action, such as clicking on a link or opening an attachment.
  • Harvesting information, malicious links, malicious attachments, scams.

How to identify a phishing e-mail?

  • Closely examine the URL provided in the email.
    • you may need to hover your mouse over the link to see the true destination of where you would go if you click the link.
    • Here are examples of a good URL and a bad one:
  • Always check the "From" address is legitimate and matches the email address of the sender.
    • For example, an email from your bank would not be sent from domains such as,,
  • Check for bad grammar or spelling mistakes in the text of the email messages.
  •  Look for [Possible Spam] or [Real Spam] in the subject of the email.
    • It indicates that our systems have flagged the message as suspicious and that you should closely examine the content.

What to do when you identify a phishing e-mail?

  • Do not reply with your login information (or any information)
  • Do not click on links or open attachments.
  • Report it to us (forward the message as an attachment).
  • Move the email message to the Junk folder and mark it as SPAM.
    • Please visit the IT FAQ link for more information on how to report a spam/phishing email
  • If you have responded, change your password immediately using then let us know.
  • If you are unsure, don’t do anything and contact our IT Service Desk for assistance.

If you are interested in reading more about phishing, check out this issue of the OUCH! Security Awareness Newsletter published by the SANS Institute.