How to Detect Phishing Emails


Overview

Email remains one of the most common methods cybercriminals use to compromise an account, carry out financial scams, and deliver ransomware. Phishing emails are designed to deceive you into taking an action such as:

  • Sharing your Puget Sound credentials or entering them on a dangerous website
  • Clicking a harmful link or opening an attachment containing malware
  • Purchasing gift cards, sending bitcoin, or transferring funds
  • Divulging sensitive personal information or university data

Quick Tips

  • Know the sender! Always double-check the sender’s email address and do not solely rely on the display name. Scammers often design messages to appear as though they are from somebody you know, such as a supervisor or department chair.
  • Think before you click! Carefully examine links and do not open attachments from unknown senders. Be wary of shortened URLs.
  • Protect your password! Never email your password, submit it on a form, enter it on an unfamiliar website, or share it with anyone else.
  • Trust your instincts! If something feels off or suspicious about an email, it is better to err on the side of caution.
  • Resist and report! Urgent or emotionally appealing language and offers that are too good to be true are common features of phishing scams. Resist the urge to act immediately. Be a hero and report the message to help keep others safe.

Check the Sender's Email Address

Display names are easily manipulated to impersonate trusted organizations or individuals. Click on the arrow to see the full email address of the sender. If the display name has the name of a campus member but the email address does not end with @pugetsound.edu, use caution. If the display name has the name of a company (e.g. UNICEF) but the email address is not from a domain generally matching their company website (e.g. unicef.org), use caution.

Useful Indicators in Gmail

Warning banners

Messages that have a red or yellow banner in Google Mail are suspicious. If you are not certain the message is safe, please do not click links, open attachments, or reply. If you think Google has inaccurately flagged a legitimate message, click Looks safe on the yellow banner.

[Banner images: "This message looks dangerous" (red) and "Be careful with this message" (yellow)]

External tag

Messages that have a yellow "External" tag were sent from a non-Puget Sound email address. Although many external messages are legitimate, the tag helps you spot phishing emails in which an outside party is trying to impersonate a campus member.

Spotting Phishing Emails

Some phishing email messages are poorly constructed, making them obviously suspect, but many others may appear on the surface to be from a campus member or an external service (e.g. Microsoft, Google, Dropbox, Wells Fargo). You should always avoid clicking on links or opening attachments in email messages from unknown or suspicious sources. Be especially careful when checking email on a mobile device, because many telltale signs are harder to spot there.

Common red flags:

  • Sense of urgency (e.g. threatening to shut off a service)
  • Asks you to click a link for verification or upgrade
  • Links to a shared document, invoice, or receipt you are not expecting
  • Contains a financial or job offer that is too good to be true
  • Impersonates campus members or departments (e.g. HR, IT, VPs/AVPs, supervisor, department chair)
  • Impersonates third-party applications not used by the university (e.g. Microsoft OneDrive)
  • Hyperlinked text or buttons lead to an unfamiliar website (hover over linked text to show URL path)
  • Demands payment via cryptocurrency (e.g. Bitcoin) or gift cards or Venmo/Zelle
  • Sent outside normal business hours
  • Bad spelling or grammar
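The sender check described above and the "hover over linked text" red flag, as an added example that is not part of this article: a small Python script that applies both heuristics to a constructed sample message. The campus domain is the one named in the article; the name-to-domain table, the sample message and the simplified link extraction are assumptions made for the example.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

CAMPUS_DOMAIN = "pugetsound.edu"  # the campus domain named in the article
# Constructed table: a name that may appear in a display name -> domain it should use.
EXPECTED_DOMAINS = {"puget sound": CAMPUS_DOMAIN, "unicef": "unicef.org"}

def _in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def sender_flags(from_header):
    """Warnings for a From: header: compare the display name with the real address."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    flags = []
    if not _in_domain(domain, CAMPUS_DOMAIN):
        flags.append("external sender")  # what Gmail's External tag would show
    for keyword, expected in EXPECTED_DOMAINS.items():
        if keyword in name.lower() and not _in_domain(domain, expected):
            flags.append(f"display name says {keyword!r} but address is @{domain}")
    return flags

# Simplified <a href="...">text</a> extraction; enough for the constructed sample.
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
LOOKS_LIKE_URL = re.compile(r"(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?", re.I)

def link_flags(html_body):
    """Flag links whose visible text names one host but whose href goes to another
    (the article's 'hover over linked text' check, done programmatically)."""
    flags = []
    for href, text in ANCHOR.findall(html_body):
        text = re.sub(r"<[^>]+>", "", text).strip()  # drop tags inside the anchor
        if not LOOKS_LIKE_URL.fullmatch(text):
            continue  # "Click here" cannot be compared with anything
        shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
        real = urlparse(href).hostname or ""
        if shown.lower() != real.lower():
            flags.append(f"link text shows {shown} but goes to {real}")
    return flags

# Constructed sample in the style of the article's red flags (urgency + lookalike domain).
SAMPLE_FROM = '"Puget Sound IT Help Desk" <helpdesk@pugetsound-support.com>'
SAMPLE_BODY = ('<p>Your account will be shut off. Verify now: '
               '<a href="http://login.pugetsound-support.com/v">'
               'https://www.pugetsound.edu/login</a></p>')
if __name__ == "__main__":
    for flag in sender_flags(SAMPLE_FROM) + link_flags(SAMPLE_BODY):
        print("FLAG:", flag)
```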


More resources

Visit the Phish Tank

Check out the Phish Tank on the Information Security blog for examples of recent phishing emails that have gone to campus members. Each example will have a breakdown with tips on how you can spot it.

Practice detecting suspicious emails

Think you have what it takes to spot phishing in Gmail? Take Google's interactive phishing quiz to see if you can distinguish between legitimate and phishing emails.

Access free training

Security awareness training content is available for all current faculty, staff, and students on KnowBe4.


Details

Article ID: 9213
Created
Mon 7/1/24 11:13 AM
Modified
Mon 9/16/24 10:22 AM
