How to recognize phishing messages

One important way to protect yourself online is to be able to effectively identify phishing messages. Recently, there’s been an increase in personalized messages pretending to be from staff members. It’s not technically difficult to make a message appear to come from our President, a Dean, or any staff member, requesting personal information, money (think gift cards) or directing you to a malicious website to steal your username and password.

How can I recognize phishing messages?

  • Look for names that don’t match the email address, especially when there is a banner indicating the message is from outside the College (Fig. 1).
  • Be suspicious of messages asking for an immediate response, or asking for personal contact information (cell phone, personal email address).
  • Subject lines are used to draw your attention using pay or benefits terms. For example: “Benefit package : Compensation Adjustment, Salary-Increase, Insurance Revision for”.
  • Watch for new types of messages not introduced by IT. Below (Fig. 2) shows a new type of “sharing” message which includes a QR code. Using your mobile device to scan the QR code as instructed directs you to a malicious website, bypassing protections provided on work computers.
Fig. 1

Fig. 2

What do I do if I think something is a phishing message?

  • Don’t reply to the message.
  • Don’t click on or follow links in the message.
  • Call or contact the purported sender using another method to confirm.
  • Report the message as “phishing” from within Outlook – it’s easy! (Fig. 3) This helps the email filter adapt to new types of phishing messages.
  • Read more info, or watch the 2-minute video in this Microsoft Resource to enhance your personal knowledge.
Fig. 3

Note: The message must be open in its own window for these buttons to appear as they are not present in the message “preview” pane.