What is Phishing?
Criminals use malicious email and websites to try to trick you into revealing your password or other sensitive information or to infect your computer with malware. Phishing email often uses urgent language, asks for personal information, and has grammatical, typographical, or other obvious errors.
How to Spot Phishes
- Does the URL look right?
- On your smartphone or tablet, press the link and hold down until a dialog box appears containing the URL.
- On your computer, hover over the link with your mouse. The URL will usually appear in the lower left corner of your window.
- Does the login screen look right? Do not enter your NetID password unless you are sure it is safe.
- Are you expecting the document or link? Be suspicious of unexpected emails sharing documents and links you are not expecting. If you are not sure, contact the sender (preferably via text message, phone, or an alternative email address) and ask if they shared a document with you.
- Do you know the person sharing it? Consider the message suspicious if you do not know the person the message is from. Be aware, though, that phishers often use compromised accounts to send their messages, and they can also forge the sending address. If you feel at all unsure, call the person and ask if they shared a document or link with you.
- Can you tell what the document is? Is it clear to you from the document title and message what the document is and why it is being shared with you? Phishers often send vague messages that just say a document has been shared with you. They rely on your curiosity. Do not open suspicious shared documents just to see what they are.
- Beware of flattery. Customized emails complimenting their research and asking them to look at a shared document or link related to it. If it looks suspicious, do not log in.
Phishing resources you can use
Do not fall for a Phish! Learn and test your phish detection skills at Wombat Security Training.
Need help please see our answers page.
- Phishing Basics
- Protect Yourself from Phishing
- Games to help you practice identifying phish attacks
For Faculty/Staff and Students
- Watch for scams and hoaxes.
- Learn about phishing at phishing.org.
- Google report phishing options.
- Syracuse University Information Security student created video on phishing.
If you need more information or assistance with verifying any email messages, please do not hesitate to contact your local IT support team and ITS Security Department ITSecurity@listserv.syr.edu (if you are faculty or staff), or the ITS Service Center (if you are a student) at 315.443.2677 or email@example.com.
- In the message you would like to report, click the down arrow or 3 dots (more) next to the Reply arrow and select Show original.
- In the Original Message screen, click Download Original to download the page as a .txt file.
- Compose a new message, attach the file you downloaded, and send the new message and attachment to ITS Security Department and /or ITS Service Center.
If you were caught
If you gave personal information in response to a phishing email or on a suspicious webpage, your account may be compromised.
Some content of this page may have been copied or derived with permission from Safe Computing at University of Michigan