Can you tell the difference between a spam and phishing email? Spam, or junk email, is an unsolicited email that usually tries to sell you something. With spam, you can unsubscribe using a link in the email. The good news is that Gmail will catch most spam before it hits your inbox. The bad news is that sometimes it will mark a valid email as spam. (Missing an email you’re expecting? Check your spam folder!)
While most spam is harmless, some are not. Trojan horses and other malicious files are often attached to spam emails. These emails may contain links to websites that will download and install harmful software on your computer. Sometimes what appears to be a spam message is actually phishing.
The goal of Phishing is to get information. This can be in the form of an email, social media post, or direct message. The attacker will disguise themselves as someone you know or trust, like an employer or financial institution. They may ask you to provide an account ID, password, or other sensitive, personal information. Never reply or click on a link in a message that asks for personal information. Remember, Michigan Tech will never ask you to send personal information like an account name and password in an email.
How to spot a phishing email
The signs can be subtle, but once you recognize a phishing attempt you can avoid falling for it. Before clicking links or downloading attachments, pause and take a few seconds to ensure the email looks legitimate. Here are some quick tips on how to spot a phishing email:
- Does the sender’s e-mail address match the company it’s coming from? Look for little misspellings like pavpal.com or anazon.com.
- Does it contain an offer that’s too good to be true?
- Is it poorly crafted writing riddled with misspellings and bad grammar?
- Is the greeting ambiguous or very generic? (e.g., Dear Madam or Dear Sir)
- Does it include requests to send personal information?
- Does it stress an urgency to click on an unfamiliar hyperlink or attachment?
- Does it include language that’s urgent, alarming, or threatening?
If you receive an email from someone you know/work with and it seems urgent or asks you to do something out of the ordinary? Call that person to confirm or talk to them in person. Use a phone number or email address that you know is legitimate; don’t use a phone number from the email request.
What if I receive a phishing email?
If you suspect an email is phishing, forward it to it-help@mtu.edu and use the Report Phishing option in Gmail. This alerts MTU’s security team, who will investigate and prevent other users from getting the same email. Please note that the Report phishing option is different than the Report Spam option in Gmail.
If the email came to your personal email address, don’t do what it says. Do not click on any links – even the unsubscribe link – or reply back to the email. Just use that delete button. If you’re using Gmail, report it as phishing.
What if I clicked or transmitted information?
If you’ve clicked on the link or suspect your account is compromised, follow the instructions in the IT Knowledge Base for: Steps to Secure a Compromised Account.
Do you have questions about email security? We can help. Contact IT at it-help@mtu.edu or call 906-487-1111.