Identifying Spam and Phishing Attempts

It can sometimes be difficult to tell whether an e-mail is legitimate or not. This page should help you to decipher the tell-tale signs that let you know that an e-mail is fake. Afterwards, test your ability to identify illegitimate email with a quiz from the College of Engineering.

Here is an example of the type of e-mail you may receive:

From: System Administrator []
Sent: Thursday, May 02, 2010 14:17
Subject: Email Account Upgrade

Dear Email User,

This email is to inform you that we are upgrading our system webmail and every email users are required to fill and summit their information in the secure link provided below:

There have been several phishing attempts and attacks and we have built a more reliable software, antivirus, filter to blocked and automatically delete every phishing emails before it reaches your email account.

Failure to click this link and upgrade your account before it expires may result in loss of important information in your mailbox/or cause limited access to it for 3weeks.


Spotting the Signs

Does the e-mail make logical sense?

The IT department is here to serve your needs. We have ultimate control over the infrastructure and accounts in use on the University network. Therefore, it makes no sense that we would need you to log into your account before we upgrade a system. Our network controllers (of which we deliberately have very few) have administrative rights over the network - they do not need to know your password to make any changes.

We will never ask you for your password.

The only person that should know your password is you. You should never tell your password to anyone. Additionally, you should only log into a website with your NetID if the website address is at

Additionally, University IT gets informed of the admissions and exits of all students and employees via the databases controlled by HR and Student Services. This is how we know whether to deactivate an account or not. Your account will not expire while you are still an active member of the University. Even if you don't log into your e-mail account for many years, as long as you are affiliated to the University, your e-mail address will remain active.

Who is the e-mail from?

Looking at the "From" address of an e-mail can often tell you if it is legitimate or not. The University will only send users an e-mail from an e-mail address. It is possible to spoof the from address so that it appears to come from somewhere else. Therefore, this tell-tale sign should not be the only method used to decide whether something is legitimate or not.

Do the links look legitimate?

Many spam e-mails will ask you to click on a link within the e-mail. Have a look at where that link is going. The one in the example e-mail is obviously suspicious - there is no way that the University would want you to access a website hosted on a Russian (.ru) server. Again, these links can be obviously spoofed:

Hovering your mouse over the link will tell you where you are really being directed. If the two do not match, do not click on it. If in doubt, do not click on the link - it is one of the biggest causes of malware on a computer.

Check the Spelling and Grammar

Technicians in the IT department are not known for their ability to write eloquent prose. As a result, any e-mails we plan on sending to a large number of people are routinely checked by multiple members of the department before the public sees them. As a result, we can be fairly confident that the spelling and grammar of these e-mails is quite good. The example e-mail above clearly has terrible spelling ("relible") and grammar ("summit their information"), and should be seen as instantly suspicious.

Does it seem too generic?

The final area to look at is the overall feel of the e-mail. Phishing e-mails are written to be read by many thousands of people. Therefore, they rarely contain any specific information. The example e-mail above does not mention the University, the type of e-mail system in use (Exchange), and is signed using only the name "Helpdesk". An e-mail sent by the University IT department will always have a specific signature, with a name and phone number so that you can call to check the legitimacy of the information.

If you are ever in any doubt over the legitimacy of an e-mail you have received, please contact forward the email to or contact IT Support.