Overview
Phishing emails are fraudulent messages designed to trick recipients into revealing sensitive information, clicking malicious links, or downloading harmful attachments. These emails often impersonate legitimate organizations, colleagues, or trusted services to gain your confidence. Learning to identify phishing attempts is crucial for protecting your personal information, institutional data, and account credentials. This article provides guidance on recognizing common phishing indicators and best practices for handling suspicious emails.
Instructions
1. Examine the Sender's Email Address
- Hover over the sender's name to reveal the actual email address
- Look for misspellings or slight variations of legitimate domains (e.g., "micros0ft.com" instead of "microsoft.com")
- Be suspicious of emails from free email services (Gmail, Yahoo, Hotmail) claiming to be from Westcliff University
- Verify that internal emails come from one of these domains: @westcliff.edu, @wsulaw.edu, @westcliffearlylearning.com
2. Check for Generic Greetings
- Phishing emails often use impersonal greetings like "Dear User," "Dear Customer," or "Hello Member"
- Legitimate organizations typically address you by your full name
- Be cautious of emails that don't personalize the greeting
3. Look for Urgent or Threatening Language
- Phishing emails create artificial urgency with phrases like:
  - "Your account will be suspended within 24 hours"
  - "Immediate action required"
  - "Verify your account now or lose access"
  - "Unusual activity detected"
- Legitimate organizations rarely threaten account closure without proper notice
4. Identify Suspicious Links
- Hover over any links WITHOUT clicking to preview the destination URL
- Check if the link URL matches the claimed destination
- Be wary of shortened URLs (bit.ly, tinyurl.com) that hide the true destination
- Look for misspelled domains or extra characters in URLs
5. Watch for Spelling and Grammar Errors
- Professional organizations proofread their communications
- Multiple typos, awkward phrasing, or poor grammar often indicate phishing
- Be especially suspicious of errors in emails claiming to be from official sources
6. Be Cautious of Unexpected Attachments
- Don't open attachments from unknown senders
- Be suspicious of unexpected attachments even from known contacts (their account may be compromised)
- Common malicious file types include .exe, .zip, .scr, and macro-enabled documents (.docm, .xlsm)
7. Verify Requests for Sensitive Information
- Legitimate organizations never ask for passwords, credit card numbers, or Social Security numbers via email
- IT departments will never ask you to verify your password through email
- Be suspicious of requests for personal or financial information
8. Check for Logo and Branding Inconsistencies
- Compare logos and formatting to legitimate emails from the same organization
- Look for low-quality images, mismatched colors, or outdated branding
- Professional organizations maintain consistent branding standards
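The checklist above can be turned into a simple triage script. The following is an added example, not part of the original article or any Westcliff tooling: it encodes the indicators from steps 1 to 6 (trusted domains, free-mail senders, digit-for-letter lookalike domains, generic greetings, urgency phrases, shortened or mismatched links, risky attachment types) and runs them over a constructed sample message.

```python
from urllib.parse import urlparse

# Indicator lists taken from the checklist; the Westcliff domains are the ones the article names.
TRUSTED_DOMAINS = {"westcliff.edu", "wsulaw.edu", "westcliffearlylearning.com"}
FREE_MAIL = {"gmail.com", "yahoo.com", "hotmail.com"}
SHORTENERS = {"bit.ly", "tinyurl.com"}
RISKY_EXT = (".exe", ".zip", ".scr", ".docm", ".xlsm")
GENERIC_GREETINGS = ("dear user", "dear customer", "hello member")
URGENCY = ("suspended within", "immediate action required", "verify your account now", "unusual activity detected")
# Digit-for-letter swaps seen in lookalike domains (e.g. micros0ft.com for microsoft.com).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def is_lookalike(domain, reference):
    """True when domain differs from reference only by homoglyph substitution."""
    return domain != reference and domain.translate(HOMOGLYPHS) == reference

def phishing_indicators(msg):
    """Return the checklist items (numbered as in the article) that a message dict trips."""
    hits = []
    sender_domain = msg["from_addr"].rsplit("@", 1)[-1].lower()
    body = msg["body"].lower()
    if sender_domain in FREE_MAIL and "westcliff" in body:
        hits.append("1: free-mail sender claims to be from Westcliff")
    if any(is_lookalike(sender_domain, t) for t in TRUSTED_DOMAINS):
        hits.append("1: sender domain is a lookalike of a trusted domain")
    if body.lstrip().startswith(GENERIC_GREETINGS):
        hits.append("2: generic greeting")
    if any(phrase in body for phrase in URGENCY):
        hits.append("3: urgent or threatening language")
    for text, href in msg.get("links", []):  # links are (visible text, actual href) pairs
        host = urlparse(href).netloc.lower()
        if host in SHORTENERS:
            hits.append(f"4: shortened URL ({host}) hides destination")
        shown = urlparse(text).netloc.lower() if text.startswith("http") else ""
        if shown and shown != host:
            hits.append(f"4: link text shows {shown} but points to {host}")
    for name in msg.get("attachments", []):
        if name.lower().endswith(RISKY_EXT):
            hits.append(f"6: risky attachment type {name}")
    return hits

# Constructed sample message for illustration; not a real phishing email.
SAMPLE = {
    "from_addr": "it-support@westc1iff.edu",
    "body": "Dear User, unusual activity detected. Verify your account now or lose access to Westcliff.",
    "links": [("https://portal.westcliff.edu/login", "https://bit.ly/3xyz")],
    "attachments": ["Invoice.docm"],
}
```

Running `phishing_indicators(SAMPLE)` flags the lookalike sender, generic greeting, urgency wording, the shortened and mismatched link, and the macro-enabled attachment; a message from a trusted domain with matching links and a .pdf attachment returns an empty list.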
Notes
- Phishing attacks can target anyone, regardless of technical expertise or position
- Even if an email appears to come from a colleague or supervisor, verify unusual requests through another communication channel
- Mobile devices can make phishing harder to detect due to smaller screens that hide full URLs and email addresses
- Your organization may conduct phishing simulation tests to raise awareness - treat these as learning opportunities
- Reporting suspicious emails helps protect the entire organization by alerting IT Security to active threats
- Some sophisticated phishing attempts (spear phishing) are highly personalized and harder to detect
- Trust your instincts - if something feels off about an email, it probably is
- Be especially vigilant during tax season, holiday shopping periods, and major organizational changes when phishing increases
- Keep your security awareness training up to date to learn about evolving phishing tactics
Reference