How to recognize a phishing email
- Trust your gut – if something seems off about the email, it probably is. Don't click anything in the email or open attachments until you have done a little investigative work or contacted the Help Desk.
- Check the email address of the person who sent the email – if your gut senses something wrong, click the little down arrow at the top of the email and look at the person who sent the email. Is the email address what you expected or does it look suspicious? For example, firstname.lastname@example.org VS email@example.com? The second address should be marked as phishing because she normally communicates with us using her blueridge.edu address.
- Hover on links or images to see url – If you hover over any link or image in an email, the url will appear in the bottom left corner of your browser window. Is the url what you expected it to be or does it make sense? Does the link say google.com, gogle.com, or googl.com? They make it look similar enough that at a quick glance, it looks correct…but isn't. Sometimes, it may be a long, complex url or a shortened url.
- Is the attachment unexpected, odd, or have a weird name – Never open an attachment if you are in doubt.
- Does the email have one of the red flags:
- Overwhelming emphasis on urgency.
- Any unsolicited communication regarding any account you have.
- Any unsolicited communication regarding any account you don't have.
- Requests for you to send your username and/or password, or other personal details.
- Spelling, grammar, or factual errors.
- Overly formal, yet very generalized salutations. "Mr/Mrs" or "Dear Sir or Madam" or "To Whom It May Concern."
- Anything "too good to be true."
- FROM addresses that don't match the REPLY address.
If you have determined that it is a malicious email
Click the 3 dots in the upper right next to the reply arrow and select "Report Phishing."
If you feel you have been hacked, change your password immediately.
If you are still unsure or have questions, please call the Help Desk at 694-1895.