How can I tell if an email is a phishing scheme or legitimate?
What is a Phishing Scheme?
- Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by posing as a trustworthy entity in an electronic communication.
How can I tell if my inbox has a phishing email?
There are several ways to tell whether an email you just received is a scam. Let's take a look at this example to break down the red flags.
From: IAS Human Resource Department <customer.service @ carterportal.com>
Subject: Institute for Advanced Study Mailing List Update
Basic Greeting - Phishing emails are usually sent in large batches. To save time, Internet criminals use generic names like "user", or do not bother addressing you as a person at all, so they don't have to type out every recipient's name and send the emails one by one.
False Link - Even if a link has a name you recognize somewhere in it, that doesn't mean it links to the real organization. Roll your mouse over the link and see whether the address that appears matches what is shown in the email. If there is a discrepancy, don't click on the link. Also, websites where it is safe to enter personal information begin with "https" — the "s" stands for secure. If you don't see "https", do not proceed. Seeing "https" only means the connection is encrypted; it does not by itself show that the site belongs to the real organization.
False Sender - You should always double-check who the sender of the email actually is. A sender address that does not match who the message claims to be from is a strong indication of phishing. Take a look at the example above and notice how it says it's from hr @ ias.edu, but the actual address is "customer.service @ carterportal.com".
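The False Link and False Sender checks above can also be automated. The following Python sketch is an added example, not part of the original page; the sample message is constructed from the example headers, and its link, body text and the `org_domain` parameter are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modeled on the example above; the link and body are invented.
SAMPLE = """\
From: IAS Human Resource Department <customer.service@carterportal.com>
Subject: Institute for Advanced Study Mailing List Update
Content-Type: text/html

<p>Confirm at <a href="http://carterportal.com/update">https://www.ias.edu/update</a></p>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def shown_host(text):
    """Hostname displayed in the link text, or '' if the text is not a URL."""
    m = re.match(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]|$)", text, re.I)
    return m.group(1).lower() if m else ""

def red_flags(raw, org_domain="ias.edu"):  # org_domain: claimed organization (assumption)
    msg, flags = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender != org_domain and not sender.endswith("." + org_domain):
        flags.append(f"false sender: {sender}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        url, shown = urlparse(href), shown_host(text)
        if shown and (url.hostname or "") != shown:  # text shows one host, href goes elsewhere
            flags.append(f"false link: shows {shown}, goes to {url.hostname}")
        if url.scheme != "https":
            flags.append(f"no https: {href}")
    return flags
```

Calling `red_flags(SAMPLE)` reports the mismatched sender domain, the link whose visible text and destination differ, and the missing "https".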
If you received a phishing email in your inbox and wish to report it, forward it to the following address: firstname.lastname@example.org
To see the list of already known phishing / scam email attempts: https://security.ias.edu/phish-bowl
See the following for more information regarding Spam: https://www.ias.edu/math/email/spam