Phishing scams are typically fraudulent email messages appearing to come from legitimate/reputable enterprises such as banks, universities, Microsoft, Amazon, Ebay, supervisors/managers, etc.

These messages usually direct you to an illegitimate website and ask you to provide private/personal information such as username and password, credit card number, social security number, passport information, your banking information and so on. These online perpetrators then use this personal information to commit identity theft and online fraud. 

Common features of phishing emails

  • Too good to be true
    Phishing emails are designed to grab your attention. These emails might claim you won a lottery, have a job opportunity with high pay, get a free iPhone or some lavish prize or reward. If you feel it’s too good to be true, it’s most likely is.
  • Sense of urgency
    One of the tactics these perpetrators use is to ask you to act urgently. Some will say your account will be suspended unless you update your personal information or you have only a few minutes to respond to the email. Legitimate organizations do not ask to update personal information via email and they give sufficient time before terminating or suspending account.
  • Hyperlinks and attachments
    Perpetrators embed links into phishing emails and ask you to click on them to update accounts or provide personal information. Hovering your cursor over a link shows you the actual URL where you will be directed. It could be completely different or it could imitate legitimate URLs such as "" where the 'm' is actually an 'r' and an 'n,' so pay close attention. Also, perpetrators send phishing emails with attachments which often contain payloads like viruses. Do not open an attachment you are not expecting.
  • Unusual sender
    Perpetrators can masquerade as someone you know. So always check the sender email address.

How Do I protect myself from phishing?

  • Be cautious of emails that contain links or attachments that you are not expecting. Do not click links or open files in suspicious email.
  • Don’t always believe what you see. Perpetrators can take control of anyone’s email account. Just because an email looks real, doesn’t mean it is.
  • Be cautious of generic emails that are asking you to perform actions not normally asked of you.
  • If you click the link, check the website address in the browser before doing anything else.