How to tell if an email is phishing/scam
2. This
phishing scam uses urgency to manipulate the victim. By saying that the link/document will be locked after a short period of time (24-48 hours typically), it forces the reader to act
immediately. Many phishing scams will use similar tactics of fear or excessive
flattery to manipulate you.
3. Watch for
spelling and/or grammatical errors. Phishing scams will often contain one or
both.
4. Always check the sender's email address listed at the top of your email client. If it looks suspicious, it's probably not a legitimate message.
5. Always hover your cursor over links contained within an email to determine if the link URL is legitimate. If it goes to a website that you don't recognize or doesn't match what you are expecting to see, then it likely isn't legitimate. If you are on a mobile device when checking the message, press and hold the link until the URL appears so that you can check if it is legitimate.
6. If you have any doubts about the veracity of the sender’s organization or internal department, be sure to look it up online and verify it.
7. You should
always verify physical address details from a sender you don't recognize.
8. Be careful with calling the phone number sent to you in an
email. Scammers will sometimes put down their own phone numbers and then
pretend to be the service or department that the Phishing
scam is imitating. If you are suspicious of the email, it is much
safer to google search the correct phone number than to trust the given number.
9. Please
remember to configure your email client to block automatic image downloads.
Scammers will sometimes embed executable code to run in the image background. By default, Outlook is configured to block automatic image downloads.
10. If you have questions or concerns, please contact the MERIT Help Desk at helpdesk@education.wisc.edu, or 608-265-4773. You can also contact the DoIT helpdesk at help@doit.wisc.edu or 608-264-4357, or the Office of Cybersecurity at cybersecurity@cio.wisc.edu. To report a phishing email, use Outlook's built-in reporting option.
11. If you receive a suspicious email and would like to report it, please DO NOT forward the email to anyone. You should either send a description or a screenshot of what you received.