-
Does the email contain an urgent request for personal or financial information?
"Phishers" typically include upsetting or exciting statements in their emails to get us to react immediately. Yes the information is fake - but that's why the request is made to seem urgent. If we took the time to stop and
really look at the email, we most likely would realize that it's phishing,
So we quickly click the link provided in the email to fix whatever the problem is, and trustingly share way too much personal information such as account usernames, passwords, credit card numbers, social security numbers, date of birth, etc.
Be suspicious. Any seemingly urgent request for personal information or for you to log in and do something is very likely a scam. See this
excellent resource to learn how to protect yourself from phishing.
Did you receive an internal UWSP email and suspect that the sender was spoofed? The same tips on
how to protect yourself phishing apply to internal emails as well.
Is the sender from a department that deals with sensitive information but the email doesn't look quite right? Departments that deal with sensitive information typically encrypt their emails for an extra layer of security. Our
Verify Email Authenticity page will help you determine whether an email is encrypted and can be considered legitimate.
-
Does the email greet you with a generic greeting?
Or maybe your last name or username is used in the mail merged greeting?
Beware of generic greetings like "Dear UWSP Email User", or "Attention Customer", or greetings using your username/alias or just your last name. While some
types of phishing such as spear-phishing may be targeted to specific individuals or groups, most phishing emails are usually sent using mail merge data compiled from various sources. Internet criminals use generic names like "First Generic Bank Customer" as a workaround to having incorrect names in their merge data sources.
Be suspicious. Not seeing your name in the email greeting is a warning sign. If you receive an email with a generic greeting asking you to do something, particularly if it's urgent, verify the email sender and that they did indeed send the email.
To verify that the email sender is legitimate:
DO NOT call the number in the email. If you call the number provided in a phishing email, you're calling the scammers, not the legitimate business.
Learn more about
how phishing scammers get your email address.
-
Does an included link start with only HTTP:// ?
No legitimate business will use an unsecure "HTTP//". In the address bar you should see both a lock icon and an "https://" prefix on the link. This tells you that encryption is being used to protect your information as it travels to the website.
This is a start, however since both can be spoofed, you can check further by clicking the lock to see if the certificate displays the same company name. If warnings display when viewing the digital certificate, or when visiting the website, leave the site.
More information on how to determine if a website is legitimate.
-
Does the email contents seem "out of context"?
Are the contents of the email normal and expected? Is it expected behavior that the sender might send an attachment or a link to a shared file to accompany the email topic? Is it the kind of request that is normal from the sender? Do you even have an account with this "bank" or social media platform? Learn to be wary. Email without a digital security certificate can literally be from ANYONE.
If you suspect an email of being a phishing attempt, forward the email as an attachment to the UWSP
Postmaster.
Skip to main content
