How to Spot a Phishing Scam

Phishing comes in all shapes and sizes, but typically consists of three parts: bait, hook, and attack. The bait is designed to lure you in, to appear as if it’s from a trusted source. If you believe a message is from a trusted source, the phishing attempt moves to stage two, the hook, which typically consists of a call to action. Attackers prey on our instincts in these situations, requesting an immediate login through a link provided in the email. These links take you to sites designed to look like the real thing. Once you input your credentials to the fake website or open an attachment, the attack begins, where scammers steal your information and assume your online identity.

Here are the 7 biggest red flags you should check for when you receive an email or text.

1 Urgent or threatening language

Real emergencies don’t happen over email.

Look out for:

  • Pressure to respond quickly
  • Threats of closing your account or taking legal action

2 Requests for sensitive information

Anyone asking for personal information over email or text probably shouldn’t be trusted with it, anyway.

Look out for:

  • Links directing you to login pages
  • Requests to update your account information
  • Demands for your financial information, even from your bank.

3 Anything too good to be true

Winning a lottery is unlikely. Winning a lottery you didn’t enter is impossible!

Look out for:

  • Winnings from contests you’ve never entered
  • Prizes you have to pay to receive
  • Inheritance from long-lost relatives

4 Unexpected emails

Except the unexpected, and then send it right to the trash.

Look out for:

  • Receipts for items you didn’t purchase
  • Updates on deliveries for things you didn’t order

5 Information mismatches

Searching for clues in phishing email puts your love of true crime podcasts to good use.

Look out for:

  • Incorrect (but maybe similar) sender email addresses
  • Links that don’t go to official websites
  • Spelling or grammar errors, beyond the odd typo, that a legitimate organization wouldn’t miss

6 Suspicious attachments

Attachments might seem like gifts for your inbox. But just like real gifts, they’re not always good…

Look out for:

  • Attachments you didn’t ask for
  • Weird file names
  • Uncommon file types

7 Unprofessional design

For some reason, hiring a graphic designer isn’t on a cyber criminals priority list.

Look out for:

  • Incorrect or blurry logos
  • Company emails with little, poor or no formatting
  • Image-only emails (no highlightable text)


When you spot a Phish

Use the “Report Junk” button, available on both the app and online version of Outlook. This button improves Microsoft’s spam filters, reducing the number of phishing attempts sent to you in the future. When Terranova launches across campus, points will also be added to your Terranova account!

100% helpful - 1 review


Article ID: 43732
Thu 12/7/17 11:51 AM
Mon 10/16/23 4:36 PM

Related Services / Offerings (1)

Spam and Phishing are common method used by third parties to promote products or obtain personal information. More about spam protection through StFX systems