How to tell if an email is phishing/scam

Typical indicators that a message is phishing/scam/not legitimate
Phishing/scam emails are one of the biggest online threats currently.  If you aren't sure if an email that you have received is legitimate or not, there are some typical signs that you can look for to help you determine if this is a phish or not.

1. There is an attachment and the sender never mentions anything specific about the document. The details are deliberately vague in an attempt to target as many recipients as possible.

2. This phishing scam uses urgency to manipulate the victim. By saying that the link/document will be locked after a short period of time (24-48 hours typically), it forces the reader to act immediately. Many phishing scams will use similar tactics of fear or excessive flattery to manipulate you.

3. Watch for spelling and/or grammatical errors. Phishing scams will often contain one or both. 

4. Always check the sender's email address listed at the top of your email client. If it looks suspicious, it's probably not a legitimate message.

5. Always hover your cursor over links contained within an email to determine if the link URL is legitimate.  If it goes to a website that you don't recognize or doesn't match what you are expecting to see, then it likely isn't legitimate. If you are on a mobile device when checking the message, press and hold the link until the URL appears so that you can check if it is legitimate.

6. If you have any doubts about the veracity of the sender’s organization or internal department, be sure to look it up online and verify it.

7. You should always verify physical address details from a sender you don't recognize.

8. Be careful with calling the phone number sent to you in an email. Scammers will sometimes put down their own phone numbers and then pretend to be the service or department that the Phishing scam is imitating.  If you are suspicious of the email, it is much safer to google search the correct phone number than to trust the given number.

9. Please remember to configure your email client to block automatic image downloads. Scammers will sometimes embed executable code to run in the image background.  By default, Outlook is configured to block automatic image downloads. 

10. If you have questions or concerns, please contact the MERIT Help Desk at, or 608-265-4773. You can also contact the DoIT helpdesk at or 608-264-4357, or the Office of Cybersecurity at To report a phishing email, use Outlook's built-in reporting option.

11. If you receive a suspicious email and would like to report it, please DO NOT forward the email to anyone. You should either send a description or a screenshot of what you received.

Keywordsemail, phish, phishing, scam, security   Doc ID90409
OwnerJason E.GroupSchool of Education
Created2019-03-15 11:26:20Updated2019-03-22 13:51:44
SitesSchool of Education
Feedback  17   0