Tips for identifying a phish
Phishing is a leading cause of data breaches, and all it takes is one click to compromise the organization’s network.
When suspicious emails make it through defenses, the organization relies on you to help. Therefore, it’s vitally important that you learn to properly identify and report suspicious emails as potential threats.
Did you know?
It is important to examine hyperlinks in suspicious emails. Here’s how to check where a link goes without clicking:
- Desktop (Mac/Windows): Hover your cursor over the link to view the URL.
- Mobile devices (Android, iOS, Windows): Touch and hold the link until a pop-up menu appears.
Phishing emails ask you to provide sensitive information, encourage you to click links or urge you to download attachments. Slow down and examine emails closely before taking action.
Keep these tips in mind to identify phishing emails:
- Keep your emotions in check. Phishers frequently leverage emotions like fear, greed and curiosity. Look out for emotional triggers like surprising headlines that reference a current event, or thank you emails and unexpected bank notices.
- Look for warning signs. Does anything in the email seem strange? Was the email sent by an unknown sender? Was it expected or unsolicited? Are there grammar or spelling errors? If you’ve answered “yes” to any of these questions, you may have received a phishing email.
- Examine the domain name. Some attackers modify domains to catch targets off guard. For example, if the correct domain was www.example.com, the phishers may register “examp1e.com” or “example.co”, hoping you won’t notice the subtle difference.
- Always verify the sender and domain. Make sure you recognize the sender’s name and domain. If you recognize the sender, verify the message is legitimate with a quick phone call.
- Always verify the domain. Remember that the U-M level one page is https://weblogin.umich.edu/. Always verify the domain when entering in credentials
If you suspect that an email is phishing, report it by clicking the Report Phishing button in Outlook.
If you are a mobile user, forward the email to ReportPhish@umich.edu.
Your active participation is crucial to help protect our organization.