How to tell if an email is phishing/scam
Typical indicators that a message is phishing/scam/not legitimate
2. This phishing scam uses urgency to manipulate the victim. By saying that the link/document will be locked after a short period of time (24-48 hours typically), it forces the reader to act immediately. Many phishing scams will use similar tactics of fear or excessive flattery to manipulate you.
3. Watch for spelling and/or grammatical errors. Phishing scams will often contain one or both.
4. Always check the sender's email address listed at the top of your email client. If it looks suspicious, it's probably not a legitimate message.
5. Always hover your cursor over links contained within an email to determine if the link URL is legitimate. If it goes to a website that you don't recognize or doesn't match what you are expecting to see, then it likely isn't legitimate. If you are on a mobile device when checking the message, press and hold the link until the URL appears so that you can check if it is legitimate.
6. If you have any doubts about the veracity of the sender’s organization or internal department, be sure to look it up online and verify it.
7. You should always verify physical address details from a sender you don't recognize.
8. Be careful with calling the phone number sent to you in an email. Scammers will sometimes put down their own phone numbers and then pretend to be the service or department that the Phishing scam is imitating. If you are suspicious of the email, it is much safer to google search the correct phone number than to trust the given number.
9. Please remember to configure your email client to block automatic image downloads. Scammers will sometimes embed executable code to run in the image background. By default, Outlook is configured to block automatic image downloads.
10. If you have questions or concerns, please contact the MERIT Help Desk at firstname.lastname@example.org, or 608-265-4773. You can also contact the DoIT helpdesk at email@example.com or 608-264-4357, or the Office of Cybersecurity at firstname.lastname@example.org. To report a phishing email, use Outlook's built-in reporting option.
11. If you receive a suspicious email and would like to report it, please DO NOT forward the email to anyone. You should either send a description or a screenshot of what you received.