How can I tell if an email is a legitimate request or a phishing attack?

Tags phishing

These phishing messages can be very sophisticated with good graphics, but many have poor English and are easy to spot. Vague emails about "account problems" or the "new upgrade" but which provide no specific details and want you to give out personal information are not legitimate.

Here are some key phases that can be a big clue:

  • "Dear MsState.Edu Subscriber" or "Dear account owner"
  • "Verify your account" or "CONFIRM YOUR EMAIL IDENTITY" - MSU will never request a password via email.
  • "Warning!!! Failure to do this will immediately render your email address deactivated from our database." - The scam artist is trying to put pressure on you to reply quickly and or else.
  • "Thanks, Your Upgrade Team" - The signature is not from a real MSU unit.

Another thing to look for is the From email address. For instance, the email "FROM" address might look legitimate but the "Reply-To:" address is to a Yahoo, Hotmail, or Gmail account.

The message may have a link to the official logo of the university or your bank but the URL address the message wants you to click on is really to some location that does not have a real domain name assigned. An example might look something like this: http://41.240.149.###/mybank

Be careful of all links that request personal information. The site could be a "clone" of the official IRS, bank or corporate website created solely to steal your identity. Go directly to the web site of the company rather than clicking on a URL in unsolicited email.


Article ID: 1051
Tue 12/19/17 9:13 AM
Fri 6/14/19 4:39 PM

Related Articles (1)

How to forward a SPAM or phishing email to the Service Desk as an attachment so that it can be properly analyzed